CVE-2007-3754

Apple iPhone 1.1.1 - Improper Authentication in Mail SSL Certificate Validation

Title source: llm
STIX 2.1

Description

Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25856
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=306586
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36845
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38537
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26983
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3287
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1018752

Scores

EPSS 0.0184
EPSS Percentile 76.3%

Details

CWE
CWE-287
Status published
Products (3)
apple/iphone 1.0
apple/iphone_os 1.0.1
apple/iphone_os 1.0.2
Published Sep 27, 2007
Tracked Since Feb 18, 2026