About the security content of iOS 9.3 - Apple Support

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other security updates, see Apple security updates.

iOS 9.3

• AppleUSBNetworking

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A USB device may be able to cause a denial of service

Description: An error handling issue existed in packet validation. This issue was addressed through improved error handling.

CVE-ID

CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path

• FontParser

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed through improved memory handling.

CVE-ID

CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro’s Zero Day Initiative (ZDI)

• HTTPProtocol

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A remote attacker may be able to execute arbitrary code

Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0.

CVE-ID

CVE-2015-8659

• IOHIDFamily

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An application may be able to determine kernel memory layout

Description: A memory corruption issue was addressed through improved memory handling.

CVE-ID

CVE-2016-1748 : Brandon Azad

• Kernel

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An application may be able to cause a denial of service

Description: A denial of service issue was addressed through improved validation.

CVE-ID

CVE-2016-1752 : CESG

• Kernel

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed through improved memory management.

CVE-ID

CVE-2016-1750 : CESG

• Kernel

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: Multiple integer overflows were addressed through improved input validation.

CVE-ID

CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro’s Zero Day Initiative (ZDI)

• Kernel

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An application may be able to bypass code signing

Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation.

CVE-ID

CVE-2016-1751 : Eric Monti of Square Mobile Security

• Kernel

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition existed during the creation of new processes. This was addressed through improved state handling.

CVE-ID

CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaça

• Kernel

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A null pointer dereference was addressed through improved input validation.

CVE-ID

CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team

• Kernel

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-ID

CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team

CVE-2016-1755 : Ian Beer of Google Project Zero

• Kernel

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An application may be able to determine kernel memory layout

Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.

CVE-ID

CVE-2016-1758 : Brandon Azad

• LaunchServices

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An application may be able to modify events from other applications

Description: An event handler validation issue existed in the XPC Services API. This issue was addressed through improved message validation.

CVE-ID

CVE-2016-1760 : Proteas of Qihoo 360 Nirvan Team

• libxml2

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-ID

CVE-2015-1819

CVE-2015-5312 : David Drysdale of Google

CVE-2015-7499

CVE-2015-7500 : Kostya Serebryany of Google

CVE-2015-7942 : Kostya Serebryany of Google

CVE-2015-8035 : gustavo.grieco

CVE-2015-8242 : Hugh Davenport

CVE-2016-1761 : wol0xff working with Trend Micro’s Zero Day Initiative (ZDI)

CVE-2016-1762

• Messages

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a maliciously crafted website may auto-fill text into other Message threads

Description: An issue existed in the parsing of SMS URLs. This issue was addressed through improved URL validation.

CVE-ID

CVE-2016-1763 : CityTog

• Messages

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An attacker who is able to bypass Apple’s certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments

Description: A cryptographic issue was addressed by rejecting duplicate messages on the client.

CVE-ID

CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University

• Profiles

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An untrusted MDM profile may be incorrectly displayed as verified

Description: A certificate validation issue existed in MDM profiles. This was addressed through additional checks.

CVE-ID

CVE-2016-1766 : Taylor Boyko working with Trend Micro’s Zero Day Initiative (ZDI)

• Security

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution

Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation.

CVE-ID

CVE-2016-1950 : Francis Gabriel of Quarkslab

• TrueTypeScaler

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.

CVE-ID

CVE-2016-1775 : 0x1byte working with Trend Micro’s Zero Day Initiative (ZDI)

• WebKit

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-ID

CVE-2016-1778 : 0x1byte working with Trend Micro’s Zero Day Initiative (ZDI) and Yang Zhao of CM Security

CVE-2016-1783 : Mihai Parparita of Google

• WebKit

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A website may be able to track sensitive user information

Description: An issue existed in the handling of attachment URLs. This issue was addressed through improved URL handling.

CVE-ID

CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.

• WebKit

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A website may be able to track sensitive user information

Description: A hidden web page may be able to access device-orientation and device-motion data. This issue was addressed by suspending the availability of this data when the web view is hidden.

CVE-ID

CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao of the School of Computing Science, Newcastle University, UK

• WebKit

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a maliciously crafted website may reveal a user’s current location

Description: An issue existed in the parsing of geolocation requests. This was addressed through improved validation of the security origin for geolocation requests.

CVE-ID

CVE-2016-1779 : xisigr of Tencent’s Xuanwu Lab (http://www.tencent.com)

• WebKit

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious website may be able to access restricted ports on arbitrary servers

Description: A port redirection issue was addressed through additional port validation.

CVE-ID

CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd.

• WebKit

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Opening a maliciously crafted URL may lead to the disclosure of sensitive user information

Description: An issue existed in URL redirection when XSS auditor was used in block mode. This issue was addressed through improved URL navigation.

CVE-ID

CVE-2016-1864 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc.

• WebKit History

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash

Description: A resource exhaustion issue was addressed through improved input validation.

CVE-ID

CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net)

• WebKit Page Loading

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a malicious website may lead to user interface spoofing

Description: Redirect responses may have allowed a malicious website to display an arbitrary URL and read cached contents of the destination origin. This issue was addressed through improved URL display logic.

CVE-ID

CVE-2016-1786 : ma.la of LINE Corporation

• WebKit Page Loading

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious website may exfiltrate data cross-origin

Description: A caching issue existed with character encoding. This was addressed through additional request checking.

CVE-ID

CVE-2016-1785 : an anonymous researcher

• Wi-Fi

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An attacker with a privileged network position may be able to execute arbitrary code

Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling.

CVE-ID

CVE-2016-0801 : an anonymous researcher

CVE-2016-0802 : an anonymous researcher