OS X 10.11.3 fixes nine vulnerabilities in the Mac operating system, most of which had the potential to allow the execution of arbitrary code with kernel privileges.
One of them was remotely exploitable by a maliciously crafted web page.
The corresponding security updates are also available for older but still supported OS X releases as Security Update 2016-001 Yosemite and Security Update 2016-001 Mavericks.
Also available is Safari 9.0.3 for El Capitan (normally installed as part of the 10.11.3 update) and for Yosemite and Mavericks.
It addresses six vulnerabilities. Five - all discovered by Apple - may allow malicious web sites to trigger the execution of arbitrary code.
The sixth - discovered by an anonymous researcher - made it possible for sites to discover whether the user had visited a given link thanks to inadequate validation in the handling of the "a:visited button" CSS selector.
Earlier versions of Safari for Mountain Lion its predecessors have not been patched. While those operating systems are themselves unsupported and therefore no longer receiving security updates, it would seem sensible to minimise the risk by switching to a currently supported browser such as Firefox.
Turning to iOS, the 9.2.1 update addresses a similar set of issues to OS X 10.11.3, the CSS flaw from Safari 9.0.3, and an iOS-specific issue that made it possible for captive portals to access cookies.
iOS 9.2.1 can be installed via Settings>General>Software Update, or via iTunes on a computer.