macOS High Sierra Supplemental Update Released for Mac Users
Apple has released the first supplemental update to macOS High Sierra 10.13, complete with bug fixes, improvements, and security fixes.
General release notes accompanying the supplemental update suggests the release includes improvements to stability, reliability, and security. Specifically, the update is said to “improve installer robustness” (it is unclear if this addresses the issue where some users are unable to download a complete macOS High Sierra installer without third party utility assistance), includes a fix for cursor graphics bugs when using Adobe InDesign, and resolves and issue with Mail app was unable to delete email from Yahoo accounts. Additionally, the update includes a security fix to address a problem where Disk Utility could be used to reveal the password of an encrypted AFPS volume, and the update also resolves a security bug relating to Keychain passwords. Complete security update release notes are below for those interested. The supplemental update is recommended for all macOS High Sierra users to install.
Mac users running macOS 10.13 High Sierra can find the update available to download and install now in the Mac App Store Updates section. The update is labeled as “macOS High Sierra 10.13 Supplemental Update”.
Note the supplemental update is separate from the beta versions of 10.13.1 currently under the beta testing programs.
Always back up a Mac before installing any system software update, including smaller bug fix updates like this macOS High Sierra Supplemental Update.
The complete security related supplemental update release notes are as follows:
macOS High Sierra 10.13 Supplemental Update
Released October 5, 2017
StorageKit
Available for: macOS High Sierra 10.13
Impact: A local attacker may gain access to an encrypted APFS volume
Description: If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints.
CVE-2017-7149: Matheus Mariano of Leet Tech
Security
Available for: macOS High Sierra 10.13
Impact: A malicious application can extract keychain passwords
Description: A method existed for applications to bypass the keychain access prompt with a synthetic click. This was addressed by requiring the user password when prompting for keychain access.
CVE-2017-7150: Patrick Wardle of Synack
New downloads of macOS High Sierra 10.13 include the security content of the macOS High Sierra 10.13 Supplemental Update.
Separately, iPhone and iPad users can find iOS 11.0.2 available as an update, which also includes various bug fixes for that system software release, and watchOS 4.0.1 for Apple Watch is out as well.