Apple released patches for the iOS and OS X operating systems and released a Safari update for vulnerabilities affecting its iPhone, iPod, and iPad devices.
The iOS update (iOS 9.2.1) patched nine vulnerabilities, while the OS X update (El Capitan 10.11.3) patched nine vulnerabilities, and Safari's update (Safari 9.0.3) patched six bugs that affected the iPhone, iPod, and iPad devices.
Several iOS and OS X vulnerabilities allowed local users to execute arbitrary code with root or kernel privileges. Bugs in both operating systems allowed execution of arbitrary code by users visiting a malicious webpage.
An OS X vulnerability in OSA Scripts (CVE-2016-1729) allowed an app to override OSA script libraries installed by the user.
A vulnerability that affected Safari's allowed websites to know if a user visited a link (CVE-2016-1728) and a WebSheet bug allowed for a user's cookies to be accessed (CVE-2016-1730).
Vulnerabilities fixed in the upates were discovered by Trend Micro's moony li, Juwei Lin, and Ju Zhu; KeenLab of Tencent's Liang Chen and Sen Nie; Yahoo! Pentest Team's Frank Graziano; Google Project Zero's Ian Beer; Zimperium zLabs' Joshua J. Drake and Nikias Bassen; Skycure's Adi Sharabani and Yair Amit; puzzor; an anonymous researcher coordinated via Joe Vennix; and Apple's internal security team.