El Capitan 10.11.6 security fixes, downloadable installers, and update notes

Apple has already released details of the security fixes which come as part of the OS X El Capitan 10.11.6 update, and in Security Update 2016-004 for Mavericks 10.9.5 and Yosemite 10.10.5.

Notable fixes include:

  • PHP in apache_mod_php is updated to version 5.5.36,
  • four vulnerabilities in Audio have been fixed,
  • two vulnerabilities in CoreGraphics have been fixed,
  • a memory corruption issue has been fixed in Graphics Drivers,
  • three vulnerabilities in ImageIO have been fixed,
  • multiple memory corruption issues have been fixed in the Intel Graphics Driver,
  • multiple memory corruption issues have been fixed in the kernel,
  • LibreSSL has been updated to version 2.2.7,
  • libxml2 and libxslt have had multiple fixes,
  • a Login Window vulnerability which could give a malicious app root privileges has been fixed, as have three further vulnerabilities,
  • OpenSSL remains at version 0.9.8, but security fixes from 1.0.2h/1.0.1 have been backported to it,
  • four vulnerabilities in QuickTime have been fixed, involving crafted SGI files, Photoshop documents, FlashPix Bitmap Images, and images more generally,
  • a bug in Safari which could make a password visible on screen in AutoFill has been fixed,
  • Sandbox Profiles have been fixed so that local apps cannot access the process list.

These make the update important, and worth applying sooner rather than later. Here the install seemed to go quite well: there was a worrying period of a couple of minutes spent with a completely black screen, and a long burst of around 4000 log messages of

    18/07/2016 22:51:21.500 helpd[743]: executeFetchRequest:error: A fetch request must have an entity.

I did restart once everything had settled, and that looked fairly clean in the logs.

Judging by the number of “memory corruption issues” which have been fixed in deep and sensitive parts of OS X, there must be a fighting chance that 10.11.6 might reduce the frequency of freezing, on those systems so affected. Well, we’ll see – there isn’t much else to do other than wait for macOS Sierra.

Apple has already made the Combo updater for 10.11.6 available here, and the Delta updater here.