A vulnerability was reported in Apple iOS. A remote user with the ability to conduct a man-in-the-middle attack can access or modify SSL/TLS sessions.
Affected versions:
iOS 4.2.5 through 4.2.9 for iPhone 4 (CDMA)
iOS 3.0 through 4.3.4 for iPhone 3GS and iPhone 4 (GSM)
iOS 3.1 through 4.3.4 for iPod touch (3rd generation) and later
iOS 3.2 through 4.3.4 for iPad
Apple iOS Certificate Chain Validation Flaw Lets Certain Remote Users Access or Modify SSL/TLS Sessions.
A remote user in a privileged network position can exploit a certificate chain validation flaw to access or modify data ostensibly protected by SSL/TLS.
A certificate chain validation issue existed in the handling of X.509 certificates.
An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.
Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.
A remote user can access and modify data within an SSL/TLS session.
The vendor has issued a fix: iOS 4.2.10 for iPhone 4 (CDMA), and iOS 4.3.5 for iPhone 3GS, iPhone 4 (GSM), iPod touch (3rd generation) and later, and iPad.