PT-2009-5587 · Apple · iPhone Mail +1
Published: 2009-09-21 · Updated: 2021-05-23 · CVE-2009-3273
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Apple iPhone OS (affected versions not specified)
iPhone OS for iPod touch (affected versions not specified)
Description
iPhone Mail fails to validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers by using a crafted certificate.
Recommendations
For Apple iPhone OS, update to a version that properly validates X.509 certificates.
For iPhone OS for iPod touch, update to a version that properly validates X.509 certificates.
As a temporary workaround, consider disabling SSL e-mail servers until a patch is available.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
iPhone Mail
iOS