Fifty-four vulnerabilities across OS X were patched Tuesday, including fixes for Mavericks v10.9.5, OS X Yosemite v10.10.5, and the most recent builds of OS X, El Capitan v10.11 and v10.11.1. Almost half of the issues could either lead to remote code execution, or make it so either a local user or malicious application could execute arbitrary code – with kernel privileges or system privileges.
The update also brings a handful of open source packages, such as OpenSSH, libxml2, OpenGL, and apache_mod_php, up to date.
For what it’s worth, the El Capitan update also fixes a bunch of other, non-security, stability issues, including one that caused Bluetooth devices to disconnect, and one that prevented Mail from deleting messages in an offline Exchange account.
Fifty issues, many which carry over from OS X, were also addressed in Apple’s mobile operating system, iOS, updating the it to 9.2.
When Apple released iOS 9.1 in October it killed a PanguTeam jailbreak for iOS 9.0. While the collective has yet to release a jailbreak for 9.1, Apple does credit the team for discovering three issues it wound up fixing in 9.2, including a timing issue in the loading of the trust cache in MobileStorageMounter, a segment validation issue in dyld, and a path validation issue in Mobile Backup for Photos.
The advisories for both Apple TV and the Apple Watch mostly mirror the advisory for iOS, as they share a lot of the same framework.
The Safari issues, 13 in total, all pertain to WebKit, and mostly address multiple memory corruption issues in the browser. A lone input validation issue existed in content blocking and could’ve revealed a user’s browsing history if they stumbled across a special website, but Apple fixed that, bringing
Tuesday’s update also brought a few fixes for Xcode, Apple’s integrated development environment, including fixes for multiple vulnerabilities in a popular source control system for Xcode, Git, and smattering of memory corruption issues.