Nada menos que 13 CVEs corregidos.
Aquí está la lista completa. Vamos a morir todos...
Released October 24, 2016
CFNetwork Proxies
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: A phishing issue existed in the handling of proxy credentials. This issue was addressed by removing unsolicited proxy password authentication prompts.
CVE-2016-7579: Jerry Decime
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An application may be able to maintain access to the Address Book after access is revoked in Settings
Description: An access control issue in the Address Book was addressed through improved file-link validation.
CVE-2016-4686: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)
CoreGraphics
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
FaceTime
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated
Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.
CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: Parsing a maliciously crafted font may disclose sensitive user information
Description: An out-of-bounds read was addressed through improved bounds checking.
CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input sanitization.
CVE-2016-4680: Max Bazaliy of Lookout and in7egral
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with root privileges
Description: A logic issue was addressed through additional restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An application may be able to retrieve metadata of photo directories
Description: An access issue was addressed through additional sandbox restrictions on third party applications.
CVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An application may be able to retrieve metadata of audio recording directories
Description: An access issue was addressed through additional sandbox restrictions on third party applications.
CVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: A local attacker can observe the length of a login password when a user logs in
Description: A logging issue existed in the handling of passwords. This issue was addressed by removing password length logging.
CVE-2016-4670: an anonymous researcher
System Boot
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG generated code. These issues were addressed through improved validation.
CVE-2016-4669: Ian Beer of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2016-4677: Anonymous working with Trend Micro Zero Day Initiative
