To fix a recently discovered zero-day flaw across the range of Apple operating systems a series of Rapid Security Response (RSR) updates:
Apple Rapid Security Update Patches Three Exploited Vulnerabilities – SANS Internet Storm Center
The flaw was discovered in WebKit browser engine developed by Apple used across the OS range, hence iPhones, Macs, and iPads need patching.
Apple’s RSR updates serve the same as Microsoft’s Out-of-Band (OOB) updates, addressing security flaws or other major issues that cannot wait until the next major or regular scheduled update.
Even if automatic updates is on, check to make sure the updates are done.
Clive Catton MSc (Cyber Security) – by-line and other articles