Apple has released software update fixing 39 vulnerabilities in iOS versions prior to iOS 9.3.2. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors, an attacker could entice a user to open a specially crafted image file, XML document, web page or install a malicious application to exploit the vulnerabilities.
Depending on the vulnerability exploited, a successful attack could lead to application termination, denial of service condition, information disclosure or remote arbitrary code execution.
The product vendor has released iOS 9.3.2 to address the issues. Users can obtain the updates by using the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://support.apple.com/en-us/HT206568
https://www.hkcert.org/my_url/en/alert/16051701
https://www.us-cert.gov/ncas/current-activity/2016/05/16/Apple-Releases-Multiple-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1801 (to CVE-2016-1803)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1807 (to CVE-2016-1808)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1813 (to CVE-2016-1814)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1817 (to CVE-2016-1819)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1823 (to CVE-2016-1824)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1827 (to CVE-2016-1842)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1854 (to CVE-2016-1859)