The standard e-mail application that comes with the iPod and iPhone suffers from a man in the middle vulnerability due to not validating SSL certificates.
bac88e063695c7f4ceb162add1f4a3f7f90de5e74efea5e40f7b28a7f59a10f9
Info:
iPod/iPhone standard e-mail application does not validate SSL certificates
and is vulnerable to a MITM (man in the middle attack).
Vulnerable: All versions.
Discovered by: William Borskey wborskey@gmail.com
Discussion:
The mail application that ships with the iPod/iPhone does not validate SSL
certificates. A malicious user can use software such as ettercap-ng to sniff
email passwords without the application warning the victim that the
certificate may be invalid.
Exploit:
This flaw can be exploited with ettercap-ng.