Apple releases security updates for every major product
Apple has released security updates for the operating systems running on the company’s iPhones, computers, Apple TV and various versions of smartwatches, as well as Xcode and Safari.
The Xcode update (v7.2) includes fixes for four bugs, Safari’s (v9.0.2) for 12 (all in Webkit), most of which could lead to arbitrary code execution if the user visits a maliciously crafted website.
The tvOS update (v9.1) plugs 48 holes, including the aforementioned 12 patched in Safari. Most of the other flaws can be triggered by malicious applications, maliciously crafted images and websites, and could lead to arbitrary code execution, often with kernel or system privileges. A memory corruption issue in handling SSL handshakes could have been exploited by a remote attacker to execute code on the TV device.
iOS 9.2 addressed 50 vulnerabilities, many of which are remote code execution vulnerabilities in the various iOS components. watchOS 2.1 contains many of the same fixes as iOS 9.2 (fixes in WebKit excluded).
OS X El Capitan 10.11.2 (and Security Update 2015-008 for Mavericks and Yosemite) fixes 54 issues, including a couple in PHP, several in LibreSSL, one that would allow a malicious application to masquerade as the Keychain Server, and a memory corruption issue in handling SSL handshakes. Several stability problems have also been fixed.
This update also includes the security content of Safari 9.0.2., and makes the QuickTime 7 web browser plug-in no longer enabled by default, relegating it to the status of legacy plug-in.