Apple released patches for the iOS and OS X operating systems and released a Safari update for vulnerabilities affecting its iPhone, iPod, and iPad devices.
The iOS update (iOS 9.2.1) patched nine vulnerabilities, while the OS X update (El Capitan 10.11.3) patched nine vulnerabilities, and Safari's update (Safari 9.0.3) patched six bugs that affected the iPhone, iPod, and iPad devices.
Several iOS and OS X vulnerabilities allowed local users to execute arbitrary code with root or kernel privileges. Bugs in both operating systems allowed execution of arbitrary code by users visiting a malicious webpage.
An OS X vulnerability in OSA Scripts (CVE-2016-1729) allowed an app to override OSA script libraries installed by the user.
A vulnerability that affected Safari's allowed websites to know if a user visited a link (CVE-2016-1728) and a WebSheet bug allowed for a user's cookies to be accessed (CVE-2016-1730).
Last week, Patrick Wardle, Synack's director of research Patrick Wardle demonstrated that it was still possible for attackers to bypass Apple's Gatekeeper program and achieve elevated access.
Vulnerabilities fixed in the upates were discovered by Trend Micro's moony li, Juwei Lin, and Ju Zhu; KeenLab of Tencent's Liang Chen and Sen Nie; Yahoo! Pentest Team's Frank Graziano; Google Project Zero's Ian Beer; Zimperium zLabs' Joshua J. Drake and Nikias Bassen; Skycure's Adi Sharabani and Yair Amit; puzzor; an anonymous researcher coordinated via Joe Vennix; and Apple's internal security team.