Apple has released software update fixing 12 vulnerabilities in iOS versions prior to iOS 10.2. These vulnerabilities are caused by the problems in various iOS components. There are multiple attack vectors, an attacker could entice a user to open a maliciously crafted video or certificate, or connect a malicious human interface device to exploit the vulnerabilities, etc.
A successful attack could lead to information disclosure, denial of service, or arbitrary code execution.
The product vendor has released iOS 10.2 to address the issues. Users can obtain the updates by using the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://support.apple.com/kb/HT207422
https://www.hkcert.org/my_url/en/alert/16121301
https://www.us-cert.gov/ncas/current-activity/2016/12/12/Apple-Releases-Security-Updates
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4689
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4690
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4781
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7597
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7601
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7626
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7634
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7638
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7651
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7653
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7664
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7665