The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.
Apple iOS is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers or obtain sensitive information. This will aid in further attacks.
Updates are available. Please see the references or vendor advisory for more information.
Attackers can use readily available tools to exploit this issue.