CVE-2010-4211

Name of the Vulnerable Software and Affected Versions PayPal app version prior to 3.0.1 for iOS

Description The issue concerns a failure to verify that the server hostname matches the domain name of the subject of an X.509 certificate. This allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.

Recommendations For versions prior to 3.0.1, update to version 3.0.1 or later to resolve the issue.