Timothy J. Wood

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9 **Description** The issue is related to the NSURL implementation in the CFNetwork SSL component, which does not properly verify X.509 certificates from SSL servers after a certificate change. This allows attackers to spoof servers and obtain sensitive information via a crafted certificate. The vulnerability can be exploited by conducting a man-in-the-middle attack, enabling the attacker to access protected information using a specially formed certificate. **Recommendations** For Apple iOS versions prior to 9, update to a version 9 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information over SSL connections until the update is applied.