iOS 9.3, which was announced and released today, includes dozens of security fixes.
A total of 39 vulnerabilities are addressed by iOS 9.3, several of them allowing arbitrary code execution via remote exploits.
Examples include multiple XML processing issues, and openings for maliciously crafted certificates, font files and unspecified web content.
Among the other, more interesting problems fixed were an issue that could allow a malicious website to auto-fill text into Messages threads, a certificate validation issue that could allow an untrusted MDM (mobile device management) profile to be incorrectly displayed as trusted, the possibility of a hidden web page being able to access device motion data, and an opportunity for websites to improperly obtain location data.
The vulnerabilities were reported by various security researchers and others. Names occurring more than once in the credits include Brandon Azad, CESG, Google, Qihoo 360, Trend Micro, and Trend Micro's Zero Day Initiative (ZDI rewards researchers for responsible disclosure, and Trend is a sponsor of the Pwn2Own competition).
A full list of the vulnerabilities addressed by iOS 9.3 is available here.