Published on: 27 October 2016
Apple has released software update fixing 14 vulnerabilities in iOS versions prior to iOS 10.1. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors, an attacker could entice a user to open a maliciously crafted JPEG file, website or install a malicious application to exploit the vulnerabilities.
A successful attack could lead to information disclosure, overwrite arbitrary files, disclose kernel memory, arbitrary code execution or unexpected system termination.
The product vendor has released iOS 10.1 to address the issues. Users can obtain the updates by using the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://support.apple.com/kb/HT207271
https://www.hkcert.org/my_url/zh/alert/16102504
https://www.us-cert.gov/ncas/current-activity/2016/10/24/Apple-Releases-Security-Updates
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4635
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4660
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4664
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4665
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4666
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4669
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4670
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4673
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4675
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4677
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4679
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4680
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4686
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7579