Re: iOS 10.2
A number of issues have been fixed in iOS 10.2 including a number of security issues.
https://support.apple.com/en-us/HT207422
Released December 12, 2016

Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: A nearby user may be able to overhear spoken passwords
Description: A disclosure issue existed in the handling of passwords. This issue was addressed by disabling the speaking of passwords.
CVE-2016-7634: Davut Hari

Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to access photos and contacts from the lock screen
Description: A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device.
CVE-2016-7664: Miguel Alvarado of iDeviceHelp

Accounts
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An issue existed which did not reset the authorization settings on app uninstall
Description: This issue was addressed through improved sanitization.
CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro

Find My iPhone
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An attacker with an unlocked device may be able to disable Find My iPhone
Description: A state management issue existed in the handling of authentication information. This issue was addressed through improved storage of account information.
CVE-2016-7638: Sezer Sakiner, an anonymous researcher

Graphics Driver
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: Watching a maliciously crafted video may lead to a denial of service
Description: A denial of service issue existed in the handling of video. This issue was addressed through improved input validation.
CVE-2016-7665: Moataz El Gaml of Schlumberger, an anonymous researcher

Image Capture
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: A malicious HID device may be able to cause arbitrary code execution
Description: A validation issue existed in the handling of USB image devices. This issue was addressed through improved input validation.
CVE-2016-4690: Andy Davis of NCC Group

Local Authentication
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: The device may not lock the screen after the idle timeout
Description: A logic issue existed in the handling of the idle timer when the Touch ID prompt is shown. This issue was addressed through improved handling of the idle timer.
CVE-2016-7601: an anonymous researcher

Mail
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An email signed with a revoked certificate may appear valid
Description: S/MIME policy failed to check if a certificate was valid. This issue was addressed by notifying a user if an email was signed with a revoked certificate.
CVE-2016-4689: an anonymous researcher

Media Player
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: A user may be able to view photos and contacts from the lockscreen
Description: A validation issue existed in the handling of media selection. This issue was addressed through improved validation.
CVE-2016-7653

Profiles
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: Opening a maliciously crafted certificate may lead to arbitrary code execution
Description: A memory corruption issue existed in the handling of certificate profiles. This issue was addressed through improved input validation.
CVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com)

SpringBoard
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to unlock the device
Description: In some cases, a counter issue existed in the handling of passcode attempts when resetting the passcode. This was addressed through improved state management.
CVE-2016-4781: an anonymous researcher

SpringBoard
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to keep the device unlocked
Description: A cleanup issue existed in the handling of Handoff with Siri. This was addressed through improved state management.
CVE-2016-7597: an anonymous researcher