Shortly after we reported the arrival of iOS 9.3.5, we discovered that the reason behind his release: an spyware that infected the device with the simple task of visiting a link.
Called Pegasus, O spyware exploited a flaw in Safari's WebKit and left the entire merc crackers, who could access personal information and even the camera and microphone of the device. As it was a flaw in Safari's rendering engine, Apple added two to two and discovered the same vulnerability in Safari's OS X and already released a correction for that yesterday, for both OS X El Capitan and OS X Yosemite.
On a support page, Apple details the corrections made to the Safari 9.1.3 (which is installed in the security update), stating that a memory corruption issue has been resolved in order to prevent anyone from visiting a website with malicious codes that could lead to the execution of an arbitrary code.
As for OS X Yosemite and OS X El Capitan itself, Apple reported that ?a validation issue has been addressed through improved sanitization improvements?, preventing an application from being able to expose the core's memory (kernel).
We are talking about very serious flaws, so it is essential that you update your operating system immediately in order to prevent this type of attack just like on iOS, Apple credits the findings of the flaws to Citizen Lab and Lookout.