iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Base Score: 6.8
Impact Score: 6.4
Exploitability Score: 8.6
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to 8.0.2 (inclusive)
View all (2 total)