Total vulnerabilities in the database
The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
| Software | From | Fixed in |
|---|---|---|
| apple / watchos | 1.0 | 1.0.x |
| apple / mac_os_x | - | 10.10.5.x |
| apple / iphone_os | - | 8.4.1.x |