Early last week Apple released update 10.12.1 for macOS Sierra, Security Update 2016-002 for El Capitan, and Security Update 2016-006 for Yosemite.  Updates were also released for 10.0.1 Safari and 10.1.1 for iOS. These updates were released just in time for an Apple hosted Mac-centric product event.

With update 10.12.1 for macOS Sierra being the first update available to Sierra since it was released, there are a number of fixes included for some of the most pressing issues identified in this latest operating system. Here are some of the fixes that are available with the 10.12.1 macOS Sierra:

  • An automatic smart album in Photos for Depth Effect images taken on iPhone 7 Plus
  • Improved compatibility between Microsoft Office and iCloud Desktop and Documents
  • Improved security and stability in Safari
  • Improved reliability of Auto Unlock with Apple Watch
  • Fixed issue where mail was prevented from updating when using a Microsoft Exchange account
  • Fixed issue where text was sometimes pasted incorrectly when using Universal Clipboard

macOS Sierra/El Capitan/Yosemite

macOS Sierra 10.12.1 includes fixes for 14 vulnerabilities, 2016-002 El Capitan includes fixes for 8 and 2016-006 Yosemite includes fixes for 5.

Many of the vulnerabilities relate to escalation of privilege, arbitrary code execution, information disclosure. Some of the more interesting vulnerabilities include:

  • CVE-2016-4661: An application may be able to cause a denial of service.
  • CVE-2016-4675: a libxpc component vulnerability where a local application may be able to execute arbitrary code with root privileges.
  • CVE-2016-4669: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel.

These examples are noteworthy because they are often used as the starting point to exploiting a system through social engineering. Once the hacker has access, the other vulnerabilities may be useful to gain additional access or information.

Safari 10.0.1

This update includes fixes for 4 vulnerabilities, all of which address the issue where processing malicious web content may lead to arbitrary code execution.  Since these vulnerabilities have to do with users visiting bad websites or web ads which may result in running malware, this update should be applied on all systems.

iOS 10.1.1

This update includes fixes for 17 vulnerabilities, one of which was just added today. These vulnerabilities span issues from arbitrary code execution to the leaking of sensitive user information.

Summary

It is highly likely that additional fixes will be added to the iOS update in the upcoming days. You can also expect to see a macOS Sierra 10.12.2 update released to the general user base real soon since the macOS Sierra 10.12.2 update is already in beta.