TUCoPS :: Phreaking Cellular - Major Manufacturers :: bt-21636.htm

iphone email client does not validate ssl certificates
iphone email client does not validate ssl certificates
iphone email client does not validate ssl certificates


Info:

iPod/iPhone standard e-mail application does not validate SSL certificates
and is vulnerable to a MITM (man in the middle attack).

Vulnerable: All versions.

Discovered by: William Borskey wborskey@gmail.com 

Discussion:

The mail application that ships with the iPod/iPhone does not validate SSL
certificates. A malicious user can use software such as ettercap-ng to sniff
email passwords without the application warning the victim that the
certificate may be invalid.

Exploit:

This flaw can be exploited with ettercap-ng.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH