It's a mystery to me why the FreeBSD folks don't publish this better (for example, a mention on http://www.freebsd.org/security/ doesn't seem unreasonable), but FreeBSD has an easy to use system for updating the base system:
# freebsd-update fetch
Review the changes to be applied, then
# freebsd-update install
If there's a new kernel in there then you should reboot. That's it. Not quite sure when this was fully integrated into the base OS, I'm only an occasional FreeBSD user, you used to have to install a few ports to get this working.
Even their official security advisories don't mention this, instead referring to PITA methods of patching and building from source. I installed the OS via pre-built binaries, why would I then update by patching the source? Sigh.