Info: iPod/iPhone standard e-mail application does not validate SSL certificates and is vulnerable to a MITM (man in the middle attack). Vulnerable: All versions. Discovered by: William Borskey wborskey@gmail.com Discussion: The mail application that ships with the iPod/iPhone does not validate SSL certificates. A malicious user can use software such as ettercap-ng to sniff email passwords without the application warning the victim that the certificate may be invalid. Exploit: This flaw can be exploited with ettercap-ng.