VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 9, 2010· Updated Apr 29, 2026

CVE-2010-1810

CVE-2010-1810

Description

FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

FaceTime in Apple iOS before 4.1 fails to validate X.509 certificates, enabling man-in-the-middle attacks to redirect calls.

Vulnerability

FaceTime in Apple iOS versions prior to 4.1 on iPhone and iPod touch does not properly validate X.509 certificates [1]. This vulnerability allows a man-in-the-middle attacker to present a crafted certificate that is accepted by the FaceTime client, enabling call redirection. The affected versions are iOS 3.0 through 4.0.2 for iPhone 3GS and later, and iOS 3.0 through 4.0.2 for iPod touch (3rd generation) [1].

Exploitation

An attacker with network position to intercept FaceTime traffic can present a crafted X.509 certificate that the client incorrectly accepts. No authentication or user interaction beyond initiating a FaceTime call is required. The attacker can then redirect the call to a different endpoint.

Impact

Successful exploitation allows a man-in-the-middle attacker to redirect FaceTime calls, potentially intercepting audio or impersonating the intended recipient. This compromises the confidentiality and integrity of the communication.

Mitigation

Apple addressed this issue in iOS 4.1, released on September 8, 2010 [1]. Users should update to iOS 4.1 or later. No workarounds are documented for unpatched versions.

References
  1. About the security content of iOS 4.1 for iPhone and iPod touch - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

28
  • Apple Inc./Iphone Os27 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 26 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=4.0.2
    • cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
  • Apple Inc./iOSllm-fuzzy
    Range: < 4.1 on iPhone and iPod touch

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.