Apple has released updates for iOS, macOS and other products to fix a number of security issues.
Given the commonality among macOS, iOS, watchOS and tvOS, it's not surprising that security fixes for each operating system arrive at much the same time.
Overnight, Apple released iOS 10.2.1, macOS 10.12.3, watchOS 3.1.3 and watchOS 10.1.1.
iOS 10.2.1 includes 18 security fixes. A dozen concern WebKit (the framework used by the Safari browser and other applications that render HTML), three others might be exploitable to execute arbitrary code, and one could allow the Auto Unlock function to operate even when the associated Apple Watch had been removed from the user's wrist.
{loadposition stephen08}macOS 10.12.3 addresses 12 vulnerabilities, including three in PHP and one in Vim. The others variously allowed maliciously crafted files to execute arbitrary code or obtain information about the memory layout. A solitary WebKit fix blocks a method that websites could exploit to open popups contrary to the user's settings.
More than 30 vulnerabilities have been fixed in watchOS 3.1.3, including the other side of the Auto Unlock issue, an issue that allowed existing files to be overwritten, and a flaw that could allow certificates to be incorrectly treated as trusted.
The dozen vulnerabilities addressed by tvOS 10.1.1 are generally common to one or more of Apple's other operating systems, with eight of them involving the potential for maliciously crafted files or web content to execute malicious code. The others involved issues such as privilege escalation and data exfiltration.
The changes aren't all about security.
macOS Sierra 10.12.3 is said to improve automatic graphics switching on the 15in October 2016 MacBook Pro, resolve graphics issues while encoding Adobe Premiere Pro projects on 13in and 15in MacBook Pro with Touch Bar, fix an issue that prevented the searching of scanned PDF documents in Preview and another regarding compatibility of PDF documents exported with encryption enabled, and fix an issue that prevented some third-party applications from correctly importing images from digital cameras.
For enterprise users, it also resolves an issue where network or cached user accounts (eg, Active Directory accounts) using the maxFailedLoginAttempts password policy were becoming disabled.
iTunes 12.5.5 provides "minor app and performance improvements" but there's no mention of security fixes.
New versions of Safari (10.0.3), iCloud for Windows (6.1.1) and iTunes for Windows (12.5.5) also arrived. The two Windows products incorporate certain functionality from Apple's operating systems, and so tend to be updated more or less simultaneously.
Safari 10.0.3 for Yosemite, El Capitan and Sierra provides fixes for 12 vulnerabilities, several of them also seen in one or more of the OS updates. One of the more interesting issues fixed previously allowed malicious websites to spoof the address bar, giving users a false sense of security.
iCloud for Windows 6.1.1 and iTunes for Windows 12.5.5 each include four WebKit fixes for issues that might be exploited to execute arbitrary code.
The updates can be variously obtained via the Mac App Store, Software Update, iTunes, the Apple Downloads page and the iTunes download page.