Apple has posted a trio of software updates to address major security flaws in its OS X and iOS operating systems.
For iOS, the 9.0.2 update will include a fix for a highly publicized security flaw with passcodes: someone can bypass the passcode screen on iPhones and iPads using Siri's voice commands to access photos and contacts on earlier versions of iOS.
The iOS update also includes fixes for performance issues in cellular data connections, problems with activating iMessages and iCloud backup, and performance problems with podcasts and recognizing screen rotation.
For OS X, the long-awaited El Capitan upgrade brings the OS out of beta, and provides not only performance, Safari, and Mail updates, but also fixes a whopping 101 CVE-listed security vulnerabilities in the Mac operating system.
Among the flaws are 19 vulnerabilities in PHP, including remote code execution flaws. Apple also addressed flaws that could allow a malicious application to harvest user keychain information, a flaw that prevented the secure emptying of trash, and three security vulnerabilities in bash.
Apple also addressed four CVE-listed remote code execution flaws in IOActive, vulnerabilities in kernel, and a flaw in Mail that bypassed user preferences when printing to potentially allow the display of private information.
For those who opt out of installing El Capitan, Apple has released Safari 9. The browser update contains fixes for 45 CVE-listed vulnerabilities, most for the WebKit browser engine. The WebKit fixes include 34 different flaws that could be exploited by a malicious webpage to remotely execute code on a targeted Mac.
Other Safari 9 fixes include a man-in-the-middle flaw in Safari Extensions and a bug in Safari Safe Browsing that would allow a potentially dangerous IP address to go unnoticed.
For OS X you can obtain the Safari and El Capitan updates through Software Update in the Mac App Store, while the iOS update can be downloaded by opening the Settings app and tapping General, then Software Update. ®