This attack, called Logjam, can be fixed on either side of a connection: either with improved browsers and email clients or, in the case of Apple, improved core software (coreTLS, in this case) that handles encryption; or with upgrades to servers.
While websites have been fixing their end, Apple removes this vulnerability from hundreds of millions of devices and computers at one go.
It's not surprising that this release coming so close on the heels of the inter-application exploits disclosed June 17 lacks any fixes for them, but Apple said that it had already closed down some behavior on the server side.
The exploits also require the ability to submit malicious software to the App Store, which Apple is obviously now scanning for. A future update will conceivably address the flaws more comprehensively.
Sign up for CIO Asia eNewsletters.