CVE 2016-4719
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.
See the
CVE page on Mitre.org
for more details.