CVE 2016-4620
The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.
See the 
CVE page on Mitre.org
for more details.
