Apple released 28 security fixes for its iOS and Mac OS X operating systems and the Safari Web browser.
Nine of the fixes were with the release of OS X El Capitan 10.11.3. Some of these address critical issues that allow attackers to execute arbitrary code in the operating system’s kernel via OS features like AppleGraphicsPowerManagement, IOAcceleratorFamily, Disk Images, IOHIDFamily, and IOKit.
A security fix was also in the OS X kernel. That vulnerability enabled arbitrary code execution.
Other security fixes included in OS X El Capitan 10.11.3 also address an arbitrary code execution with root privileges in the syslog function, a bug in libxslt that allowed attackers to execute code on the OS after tricking the user into visiting a malicious website, and an issue with Mac’s OSA Scripts utility that allowed a quarantined application to overwrite OSA script libraries on the system.
Apple also released Safari 9.0.3 to fix five security bugs in the WebKit rendering engine that allowed attackers to execute code on the underlying operating system, after tricking the user into accessing a malicious website.
A sixth Safari issue addressed a privacy situation, where websites may know if the user has visited a given link in the past.
For iOS, Apple fixed 13 security bugs with the release of iOS version 9.2.1. Twelve of these issues ended up shared with OS X and Safari, like the ones in the kernel, Disk Images, IOKit, IOHIDFamily, libxslt, and syslog utilities.
The only security bug specific to iOS was an issue in WebSheet, which could end up exploited by malicious websites to give away the user’s cookies.
Between the December 2015 and January 2016 security updates, Apple also patched QuickTime on January 7, with the release of version 7.7.9 that addressed nine security bugs on Windows Vista and Windows 7.