Apple has released a software update fixing 18 vulnerabilities in iOS versions prior to iOS 10.2.1. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors: an attacker could entice a user to open a maliciously crafted contact card or web content, or to install a malicious application, to exploit the vulnerabilities.
A successful attack could lead to automatic unlocking of the device, unexpected application termination, information disclosure, unexpected popups being opened, elevation of privilege or arbitrary code execution.
The product vendor has released iOS 10.2.1 to address the issues. Users can obtain the update by using the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
https://support.apple.com/kb/HT207482
https://www.hkcert.org/my_url/en/alert/17012401
https://www.us-cert.gov/ncas/current-activity/2017/01/23/Apple-Releases-Security-Updates
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8687
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2350 (to CVE-2017-2352)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2354 (to CVE-2017-2356)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2360
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2362 (to CVE-2017-2366)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2368 (to CVE-2017-2371)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2373