iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
http://secunia.com/advisories/61825
https://exchange.xforce.ibmcloud.com/vulnerabilities/97665