Apple has released iOS version 9.3.3. As always, make a backup of your iOS device before performing the update.
To update, tap Settings > General > Software Update, then tap Install. You may be required to use a Wi-Fi network.
According to Apple, the new release includes the following security fixes and improvements:
Calendar
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted calendar invite may cause a device to unexpectedly restart
Description: A null pointer dereference was addressed through improved memory handling.
CVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical Center
CoreGraphics
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)
FaceTime
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated
Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.
CVE-2016-4635 : Martin Vigo
ImageIO
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to cause a denial of service
Description: A memory consumption issue was addressed through improved memory handling.
CVE-2016-4632 : Evgeny Sidorov of Yandex
ImageIO
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)
IOAcceleratorFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed through improved bounds checking.
CVE-2016-4628 : Ju Zhu of Trend Micro
IOAcceleratorFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A null pointer dereference was addressed through improved validation.
CVE-2016-4627 : Ju Zhu of Trend Micro
IOHIDFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A null pointer dereference was addressed through improved input validation.
CVE-2016-4626 : Stefan Esser of SektionEins
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2016-1863 : Ian Beer of Google Project Zero
CVE-2016-1864 : Ju Zhu of Trend Micro
CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause a system denial of service
Description: A null pointer dereference was addressed through improved input validation.
CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
libxml2
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Multiple vulnerabilities in libxml2
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University
CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University
CVE-2016-4448 : Apple
CVE-2016-4483 : Gustavo Grieco
CVE-2016-4614 : Nick Wellnhofer
CVE-2016-4615 : Nick Wellnhofer
CVE-2016-4616 : Michael Paddon
CVE-2016-4619 : Hanno Boeck
libxml2
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information
Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.
CVE-2016-4449 : Kostya Serebryany
libxslt
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2016-1684 : Nicolas Grégoire
CVE-2016-4607 : Nick Wellnhofer
CVE-2016-4608 : Nicolas Grégoire
CVE-2016-4609 : Nick Wellnhofer
CVE-2016-4610 : Nick Wellnhofer
CVE-2016-4612 : Nicolas Grégoire
Safari
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface spoofing
Description: Redirect responses to invalid ports may have allowed a malicious website to display an arbitrary domain while displaying arbitrary content. This issue was addressed through improved URL display logic.
CVE-2016-4604 : xisigr of Tencent’s Xuanwu Lab (www.tencent.com)
Sandbox Profiles
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local application may be able to access the process list
Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.
CVE-2016-4594 : Stefan Esser of SektionEins
Siri Contacts
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to a device may be able to see private contact information
Description: A privacy issue existed in the handling of Contact cards. This was addressed through improved state management.
CVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)
Web Media
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a video in Safari’s Private Browsing mode displays the URL of the video outside of Private Browsing mode
Description: A privacy issue existed in the handling of user data by Safari View Controller. This issue was addressed through improved state management.
CVE-2016-4603 : Brian Porter (@portex33)
WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may result in the disclosure of process memory
Description: A memory initialization issue was addressed through improved memory handling.
CVE-2016-4587 : Apple
WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may disclose image data from another website
Description: A timing issue existed in the processing of SVG. This issue was addressed through improved validation.
CVE-2016-4583 : Roeland Krak
WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may compromise user information on the file system
Description: A permissions issue existed in the handling of the location variable. This was addressed through additional ownership checks.
CVE-2016-4591 : ma.la of LINE Corporation
WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-4622 : Samuel Gross working with Trend Micro’s Zero Day Initiative
CVE-2016-4623 : Apple
CVE-2016-4624 : Apple
WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface spoofing
Description: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins.
CVE-2016-4590 : xisigr of Tencent’s Xuanwu Lab (www.tencent.com)
WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted webpage may lead to a system denial of service
Description: A memory consumption issue was addressed through improved memory handling.
CVE-2016-4592 : Mikhail
WebKit JavaScript Bindings
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service
Description: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9.
CVE-2016-4651 : Obscure
WebKit Page Loading
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection.
CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)
WebKit Page Loading
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.