Info: iPod/iPhone standard e-mail application does not validate SSL certificates and is vulnerable to a MITM (man in the middle attack).
Vulnerable: All versions. Discovered by: William Borskey [email protected] Discussion: The mail application that ships with the iPod/iPhone does not validate SSL certificates. A malicious user can use software such as ettercap-ng to sniff email passwords without the application warning the victim that the certificate may be invalid. Exploit: This flaw can be exploited with ettercap-ng.
