alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY SSL MiTM Vulnerable iOS 4.x CDMA iPhone device"; flow:established,to_server; threshold:type limit, count 1, seconds 600, track by_src; http.header; content:"Mozilla/5.0 (iPhone"; content:" OS 4_"; distance:0; content:!"OS 4_2_1 like"; pcre:"/OS 4_2_[0-9] like/"; reference:url,support.apple.com/kb/HT1222; reference:url,support.apple.com/kb/HT4825; reference:url,en.wikipedia.org/wiki/IOS_version_history; classtype:not-suspicious; sid:2013336; rev:5; metadata:created_at 2011_07_30, confidence High, signature_severity Informational, updated_at 2020_04_20;)