iOS 10.2 — for iPhone 5 and later, iPad fourth generation and later, and iPod touch sixth generation and later — fixes a dozen vulnerabilities. A couple of them also apply to watchOS and tvOS.
Spoken passwords have been disabled due to the risk that they are overheard. (Who thought that was a sensible feature?)
Two ways of accessing photos and contacts from a locked device have been blocked.
A mechanism allowing an attacker to disable Find My iPhone has been countered.
A certain type of maliciously crafted video no longer causes a denial of service (read "crashes"?).
Improved handling of USB devices blocks a route for malicious USB human interface devices to trigger arbitrary code execution.
A bug that could prevent the screen from locking at the end of the idle period has been addressed.
Mail now notifies the user if an email was signed with a revoked certificate.
Certificate profiles are more rigorously validated, addressing an issue that could allow arbitrary code execution. (Also fixed in watchOS 3.1.1 and tvOS 10.1.)
Unauthorised unlocking of a device has been made harder by addressing an issue that could allow more attempts than intended.
An issue that allowed the Handoff feature to be manipulated to prevent the device from locking has been addressed.
For details of the other changes in iOS 10.2, see this support article from Apple.