There are several flaws in the way that the iPhone handles digital certificates which could lead to an attacker being able to create his own trusted certificate and entice users into downloading malicious files onto their iPhones. The attack is the end result of a number of different problems with the iPhone. A remote hacker may be able to change some settings on the iPhone and force all of the user s Web traffic to run through any server he chose and also to change the root certificate on the phone, enabling him to man-in-the-middle SSL traffic. An Apple security researcher at Independent Security Evaluators said that the attack works.
Source: https://threatpost.com/iphones-vulnerable-new-remote-attack-020210/73472/