There's nothing unusual about iOS - or OS X - updates including security fixes. But sometimes the list of vulnerabilities addressed is longer than others, and iOS 9.1 is a case in point - it clears up almost 50 CVE items covering many aspects of the operating system.
18 of the 49 issues were discovered by Apple. Among the other organisations contributing multiple items to the bug list were Yahoo (12), Google (three), and PanguTeam (two).
Most of the vulnerabilities had the potential for serious exploitation, as they could allow arbitrary code execution by visiting a malicious web page, opening a malicious document, using a malicious font, displaying a maliciously crafted image
As usual, Apple patched the vulnerability that allowed the jailbreak for iOS 9.0 to work. The cat and mouse game will no doubt continue.
The subsystems patched in iOS 9.1 are Accelerate Framework, Bom, CFNetwork, configd, CoreGraphics, CoreText, Disk Images, FontParser, GasGauge, Grand Central Dispatch, Graphics Driver, ImageIO, IOAcceleratorFamily, IOHIDFamily, Kernel, Notification Center, OpenGL, Security, Telephony, and WebKit.
Non-security changes in iOS 9.1 include improvements to Live Photos and additional emoji.
Some of the above issues are addressed in watchOS 2.0.1, which also deals with an issue that in some circumstances allowed a EFTPOS terminal to retrieve transaction information from Apple Pay.