Apple has released software update fixing three vulnerabilities in iOS versions prior to iOS 9.3.5. These vulnerabilities are caused by validation and memory corruption security flaws.
Reports indicate that the vulnerabilities are being exploited in the wild.
A successful attack could lead to disclose kernel memory or execute arbitrary code with kernel privileges.
The product vendor has released iOS 9.3.5 to address the issues. Users can obtain the updates by using the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://support.apple.com/kb/HT207107
https://www.hkcert.org/my_url/zh/alert/16082601
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4655
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4656
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4657