Yesterday Apple made available a collection of security update for the following list of products:
Apple Safari: for OS X Yosemite (10.10), OS X Mavericks (10.9) and OS X Mountain Lion (10.8)
Apple OS X: for OS X Yosemite (10.10), OS X Mavericks (10.9) and OS X Mountain Lion (10.8)
Apple OS X Server: OS X Yosemite (10.10.5 or later)
Apple iOS 8.4.1: for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
As always full details on all updates are available on Apple’s Security Updates page. For this large collection of security updates, I would suggest prioritizing the installation of the update for OS X since it resolves the largest number of CVEs (defined) and addresses a serious publically disclosed issue in a component known as the DYLD_PRINT_TO_FILE environment variable. This flaw is discussed further in this post and this post.
Noteworthy fixes included are as follows:
Apple Safari: Includes fixes for 26 CVEs in WebKit (the renderer of Safari) and WebKit related components (27 CVEs addressed in total).
OS X (10.10, 10.9 and 10.8): Includes fixes for Apache (the popular open source web server), Bluetooth security fixes, FontParser OS X kernel, libc, libpthread, OpenSSH, OpenSSL, PostreSQL, Python, QuickTime, sudo and tcpdump (135 CVEs addressed in total).
Apple iOS 8.4.1: Includes fixes for CoreText, FontParser, iOS kernel, libc, libpthread, Safari and 25 CVEs in WebKit (and WebKit related components)(71 CVEs addressed in total).
If you use any of the above software, please install the appropriate updates as soon as possible. As a routine precaution I would recommend backing up the data on any device for which you are installing updates (preferably to an external storage device that can easily be accessed) in order to prevent data loss in the rare event that any update causes unexpected issues.