Apple has released a software update fixing 88 vulnerabilities in iOS versions prior to iOS 10.3. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors: an attacker could entice a user to open maliciously crafted audio, image, text message or web content, or to install a malicious application, in order to exploit the vulnerabilities.
A successful attack could lead to arbitrary code execution, denial of service, elevation of privilege, information disclosure, or unexpected application termination.
The product vendor has released iOS 10.3 to address the issues. Users can obtain the update through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
https://support.apple.com/en-hk/HT207617
https://www.hkcert.org/my_url/en/alert/17032801
https://www.us-cert.gov/ncas/current-activity/2017/03/27/Apple-Releases-Security-Update-iWork
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3619
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9642
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9643
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2364
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2367
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2376 (to CVE-2017-2380)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2384
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2386
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2389
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2390
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2393 (to CVE-2017-2401)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2404 (to CVE-2017-2407)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2412
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2414 (to CVE-2017-2417)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2419
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2423
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2424
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2428
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2430
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2432 (to CVE-2017-2435)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2439 (to CVE-2017-2442)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2442
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2444 (to CVE-2017-2448)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2450 (to CVE-2017-2462)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2464 (to CVE-2017-2476)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2478 (to CVE-2017-2487)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029