Every so often after a major operating system update, Apple releases a supplemental update to sort things out.
This is one of those times.
On Thursday, Apple released macOS High Sierra 10.13 Supplemental Update. The update, a 915 megabyte download through the App Store’s “Update” tab, fixes two important security flaws, one of which was just recently publicized. It also addresses three relatively minor bugs in macOS High Sierra.
Per Apple’s patch notes, the macOS High Sierra 10.13 Supplemental Update offers the following fixes:
Improves installer robustness
Fixes a cursor graphic bug when using Adobe InDesign
Resolves an issue where email messages couldn’t be deleted from Yahoo accounts in Mail
Security patch notes for macOS High Sierra 10.13 Supplemental Update
StorageKit
Apple has also released the following notes for the two security issues the Supplemental Update addresses:
Security
Available for: macOS High Sierra 10.13
Impact: A local attacker may gain access to an encrypted APFS volume
Description: If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints.
CVE-2017-7149: Matheus Mariano of Leet TechSecurity
Available for: macOS High Sierra 10.13
Impact: A malicious application can extract keychain passwords
Description: A method existed for applications to bypass the keychain access prompt with a synthetic click. This was addressed by requiring the user password when prompting for keychain access.
CVE-2017-7150: Patrick Wardle of Synack
New downloads of macOS High Sierra 10.13 include the security content of the macOS High Sierra 10.13 Supplemental Update.
If you’ve tried the Supplemental Update and have any feedback to offer, please let us know about your experience in the comments.
Via The Mac Observer