Yesterday Apple made available a large collection of security updates for the following list of products:
- Apple OS X Server: OS X Yosemite (10.10.5 or later)
- Apple iTunes (for Windows 7 and later)
- Apple Xcode 7.0 (for OS X Yosemite v10.10.4 or later)
- Apple iOS 9: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Full details on all updates are available on Apple’s Security Updates page. I would suggest prioritizing the installation of the updates for iOS, OS X Server and iTunes since they resolve the largest number of CVEs (defined) and address serious security issues in OS X Server.
Noteworthy fixes included are as follows:
Apple Xcode 7.0: Includes fixes for 10 CVEs (which includes 4 issues in OpenSSL, 2 in subversion (svn) and 1 in the API of the Apache configuration).
Apple iTunes 12.3: Includes fixes for 66 CVEs (includes 7 critical issues with CoreText, 2 issues in ICU and 55 critical issues in WebKit (the renderer within iTunes)).
OS X Server: Addresses 20 CVEs (which includes critical issues resolved within PostgreSQL).
Apple iOS 9: Includes fixes for Apple Pay, CoreCrypto, CoreText, iOS kernel, libc, libpthread, Safari, OpenSSL, Siri and WebKit (among others) (101 CVEs addressed in total with a further 5 issues not assigned a CVE at this time).
If you use any of the above software, please install the appropriate updates as soon as possible. As a routine precaution I would recommend backing up the data on any device for which you are installing updates (preferably to an external storage device that can easily be accessed by you) in order to prevent data loss in the rare event that any update causes unexpected issues.