CVE-2009-0958

Name of the Vulnerable Software and Affected Versions Apple iPhone OS versions 1.0 through 2.2.1 iPhone OS for iPod touch versions 1.1 through 2.2.1

Description The issue allows remote Exchange servers to obtain sensitive information, such as credentials, when the user accepts an untrusted Exchange server certificate. This causes the exception for a hostname to be stored, leading to the certificate being accepted without prompting in future usage.

Recommendations For Apple iPhone OS versions 1.0 through 2.2.1, consider avoiding the use of untrusted Exchange server certificates until a fix is available. For iPhone OS for iPod touch versions 1.1 through 2.2.1, consider avoiding the use of untrusted Exchange server certificates until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.