Earlier this month Apple released a group of security updates for a selection of it’s products:
- Apple iOS 9.2.1: For iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
- Apple tvOS 9.1.1: For Apple TV (4th generation)
- Apple OS X El Capitan 10.11.3 and Security Update 2016-001: For OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan V10.11 to v10.11.2
- Apple Safari 9.0.3: For OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.2
As always, comprehensive details of all of these updates are provided on Apple’s Security Updates page.
If you wish to prioritize these updates I would suggest beginning with installing the update for iOS since it addresses a potentially high severity issue that was responsibly disclosed (defined) to Apple. If an attacker were to exploit this issue they would potentially be able to (one or all of the following):
- impersonate their victim on a website of the attacker’s choice
- logging the victim into the attackers account for a website (of the attacker’s choice) rather than the account the victim was trying to access.
Noteworthy fixes included are as follows:
Apple OS X El Capitan 10.11.3 and Security Update 2016-001: Addresses 9 CVEs within AppleGraphicsPowerManagement , Disk Images, IOAcceleratorFamily, IOHIDFamily, IOKit, OS X Kernel, and syslog (among others).
Apple tvOS 9.1.1: Resolves 8 CVEs within Disk Images, IOHIDFamily, IOKit, tvOS Kernel, syslog and WebKit (among others).
Apple Safari 9.0.3: Resolves 6 CVEs (in total) within WebKit (the renderer of Safari) and WebKit CSS.
An alternative summary of these updates is available within Intego’s blog post.
If you use any of the above software, please install the appropriate updates as soon as possible.
As a routine precaution I would recommend backing up the data on any device for which you are installing updates (preferably to an external storage device that can easily be accessed by you) in order to prevent data loss in the rare event that any update causes unexpected issues.