Disk Images
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team
•IOHIDFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1719 : Ian Beer of Google Project Zero
•IOKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1720 : Ian Beer of Google Project Zero
•Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro
•libxslt
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A type confusion issue existed in libxslt. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7995 : puzzor
•syslog
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with root privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs
•WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2016-1723 : Apple
CVE-2016-1724 : Apple
CVE-2016-1725 : Apple
CVE-2016-1726 : Apple
CVE-2016-1727 : Apple
•WebKit CSS
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Websites may know if the user has visited a given link
Description: A privacy issue existed in the handling of the "a:visited button" CSS selector when evaluating the containing element's height. This was addressed through improved validation.
CVE-ID
CVE-2016-1728 : an anonymous researcher coordinated via Joe Vennix
•WebSheet
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious captive portal may be able to access the user's cookies
Description: An issue existed that allowed some captive portals to read or write cookies. The issue was addressed through an isolated cookie store for all captive portals.
CVE-ID
CVE-2016-1730 : Adi Sharabani and Yair Amit of Skycure