Released at the same time as macOS Sierra, Safari 10 is available for OS X Yosemite 10.10.5 and El Capitan 10.11.6.
It fixes nine security issues in Safari, including a universal cross-site scripting vulnerability, address bar spoofing, sensitive data leakage, and DNS rebinding to allow cross-protocol exploitation of non-HTTP services. This update is available through the App Store.
macOS Server 5.2 – as it has now been rebranded – is an update intended for improved compatibility with macOS Sierra. It also contains two security fixes, which removes RC4 as a supported cipher in ServerDocs Server, and fix handling of the HTTP_PROXY environment variable in apache. This update is available from the App Store.
macOS Sierra version 10.12 addresses a very long list of vulnerabilities and other issues in OS X 10.11.6, including
- PHP in apache is updated to 5.6.24
- a user with screen sharing access could view another user’s screen
- curl is updated to 7.49.1
- six different kernel bugs
- a validation issue in signed disk images.
As these are all vulnerabilities identified in El Capitan 10.11.6, Apple is expected to release security update 2016-002 for El Capitan in the near future.