Apple devices are still vulnerable to malformed JPEGs, PDFs and font files
If you have an Apple device, you should update it to IOS 10.1 as soon as possible: the update addresses a vulnerability that allows you to take control of the device by simply sending a JPEG image specially packaged (CVE-2016–4673). More technical details (from Apple) are here:
The 10.1 release of iOs includes updates to address 12 CVE-listed security vulnerabilities in the firmware for the iPhone, iPad and iPod Touch.
Those flaws include a remote code execution flaw in the handling of JPEG images (CVE-2016–4673), a remote code execution bug in WebKit (CVE-2016–4677), local code execution flaws, and a vulnerability in contacts (CVE-2016–4686) that would let an application pull Address Book details even when access has been revoked.
Apple also released the 10.12.1 version of Mac OS X: the update brings fixes for 16 CVE-listed vulnerabilities.
Those include the CVE-2016–4673 image-handling bug as well as remote code execution flaws that could be triggered by font files (CVE-2016–4667) and PDF files (CVE-2016–4671). Also released was a fix for a denial of service error in Nvidia graphics card drivers (CVE-2016–4663) and a bug that exposed the length of user passwords (CVE-2016–4670).
More details here: