The worst threat in the pack was located in Libsystem and would’ve allowed arbitrary code execution. Additional vulnerabilities have been identified and are now fixed in Adobe Flash, BOM, (Bill of Materials), CoreGraphics, Podcast Producerand various other software.
Another rather dangerous flaw had been patch in Apple’s Safari browser. The unpatched version allows hackers to steal cookies used to authenticate on a sensitive website, such as the site of a bank. Apple’s advisory reads:
"Safari allows web sites to set cookies for country-specific top-level domains, which may allow a remote attacker to perform a session fixation attack and hijack a user’s credentials. This update addresses the issue by performing additional validation of domain names."
The complete patch up facts sheet is available right here.