CVE-2015-5824

Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 9

Description The issue is related to the NSURL implementation in the CFNetwork SSL component, which does not properly verify X.509 certificates from SSL servers after a certificate change. This allows attackers to spoof servers and obtain sensitive information via a crafted certificate. The vulnerability can be exploited by conducting a man-in-the-middle attack, enabling the attacker to access protected information using a specially formed certificate.

Recommendations For Apple iOS versions prior to 9, update to a version 9 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information over SSL connections until the update is applied.