CVE 2016-4741
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.
See the 
CVE page on Mitre.org
for more details.
