diff --git a/CVE-2016-5104.patch b/CVE-2016-5104.patch
new file mode 100644
index 0000000..8de02d8
--- /dev/null
+++ b/CVE-2016-5104.patch
@@ -0,0 +1,31 @@
+From 4397b3376dc4e4cb1c991d0aed61ce6482614196 Mon Sep 17 00:00:00 2001
+From: Joshua Hill
+Date: Tue, 29 Dec 2015 23:09:37 +0100
+Subject: [PATCH] common: [security fix] Make sure sockets only listen locally
+
+---
+ common/socket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/common/socket.c b/common/socket.c
+index 27b93ba..4cdefd6 100644
+--- a/common/socket.c
++++ b/common/socket.c
+@@ -203,7 +203,7 @@ int socket_create(uint16_t port)
+
+ memset((void *) &saddr, 0, sizeof(saddr));
+ saddr.sin_family = AF_INET;
+- saddr.sin_addr.s_addr = htonl(INADDR_ANY);
++ saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ saddr.sin_port = htons(port);
+
+ if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) {
+@@ -368,7 +368,7 @@ int socket_accept(int fd, uint16_t port)
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sin_family = AF_INET;
+- addr.sin_addr.s_addr = htonl(INADDR_ANY);
++ addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ addr.sin_port = htons(port);
+
+ addr_len = sizeof(addr);
diff --git a/libusbmuxd.spec b/libusbmuxd.spec
index c215d50..bcc750b 100644
--- a/libusbmuxd.spec
+++ b/libusbmuxd.spec
@@ -1,12 +1,13 @@
 Name: libusbmuxd
 Version: 1.0.10
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: Client library USB multiplex daemon for Apple's iOS devices
 Group: System Environment/Libraries
 License: LGPLv2+
 URL: http://www.libimobiledevice.org/
 Source0: http://www.libimobiledevice.org/downloads/%{name}-%{version}.tar.bz2
+Patch0: CVE-2016-5104.patch
 BuildRequires: libplist-devel >= 1.11
@@ -35,6 +36,7 @@ Files for development with %{name}.
 %prep
 %setup -q
+%patch0 -p1 -b .soc
 %build
 %configure --disable-static
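Review bot: In the embedded patch's second hunk (socket_accept), switching `addr.sin_addr.s_addr` to `htonl(INADDR_LOOPBACK)` probably restricts nothing. The struct is filled right before `addr_len = sizeof(addr);`, which suggests it is handed to accept() as the peer-address output and overwritten there; the call is outside the hunk, so this needs confirming. The restriction that takes effect is the bind() address in the socket_create hunk, and it covers only this AF_INET listener. If socket_accept is also meant to enforce locality, it should compare the peer address returned by accept() against loopback and close the descriptor on mismatch. It is also worth recording the reason at the socket_create assignment, e.g. `/* loopback only: this listener must not be reachable from the network (CVE-2016-5104) */`, so the address is not reverted to INADDR_ANY later.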
@@ -72,6 +74,9 @@ make check
 %{_libdir}/libusbmuxd.so
 %changelog
+* Fri May 27 2016 Peter Robinson 1.0.10-5
+- Fix CVE-2016-5104
+
 * Thu Feb 04 2016 Fedora Release Engineering - 1.0.10-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild