The version of iOS running on the mobile device is prior to 10.1. It is, therefore, affected by multiple vulnerabilities :
A flaw exists in the FaceTime component when handling relayed calls due to inconsistencies in the user interface. A man-in-the-middle attacker can exploit this issue to cause a relayed call to continue to transmit audio while the call appears to be terminated.
(CVE-2016-4635)
An out-of-bounds read error exists in the FontParser component when handling specially crafted font files that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-4660)
An unspecified flaw exists in the Sandbox Profiles component that allows a local attacker, via a specially crafted application, to disclose the metadata of photo directories. (CVE-2016-4664)
An unspecified flaw exists in the Sandbox Profiles component that allows a local attacker, via a specially crafted application, to disclose the metadata of audio recordings. (CVE-2016-4665)
Multiple memory corruption issues exist in Webkit due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2016-4666, CVE-2016-4677)
Multiple unspecified flaws exist in the System Boot component, within MIG generated code, due to improper validation of input. A local attacker can exploit these to terminate the system or execute arbitrary code with elevated privileges. (CVE-2016-4669)
A flaw exists in the Security component due to the program logging the length of passwords. A local attacker can exploit this to disclose sensitive information. (CVE-2016-4670)
A memory corruption issue exists in the CoreGraphics component when handling specially crafted JPEG files. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-4673)
An unspecified logic issue exists in libxpc that allows a local attacker to execute arbitrary code with root privileges. (CVE-2016-4675)
A flaw exists in libarchive due to improper path validation when creating temporary files during archive extraction. An unauthenticated, remote attacker can exploit this, via a symlink attack, to overwrite arbitrary files. (CVE-2016-4679)
An unspecified flaw exists in the Kernel component due to improper sanitization of input. A local attacker can exploit this to disclose kernel memory contents.
(CVE-2016-4680)
A flaw exists in the Contacts component due to a failure to revoke an application’s access to the Address Book after its access has been removed in Settings. A local attacker can exploit this to cause access to persist after it should have been removed. (CVE-2016-4686)
A flaw exists in the CFNetworks component when handling proxy credentials that allows a man-in-the-middle attacker to disclose sensitive user information.
(CVE-2016-7579)
Binary data apple_ios_101_check.nbin
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4635
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4660
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4664
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4665
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4666
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4669
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4670
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4673
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4677
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4679
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4680
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4686
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4688
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7579
www.nessus.org/u?dfd3289a
support.apple.com/en-us/HT207271