On top of releasing iOS 11.3.1 this morning, Apple has also pushed out a security update for macOS High Sierra 10.13.4 (2018-001), which “is recommended for all users and improves the security of macOS”.
Below are the security fixes as noted in Apple’s documentation on the update, which note it fixes a bug where an app could “gain elevated privileges” and also a bug related to UI spoofing from a “maliciously crafted text message”:
Crash Reporter
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved error handling.
CVE-2018-4206: Ian Beer of Google Project Zero
LinkPresentation
Available for: macOS High Sierra 10.13.4
Impact: Processing a maliciously crafted text message may lead to UI spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
CVE-2018-4187: Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_)
You can download this latest security update by going to the Mac App Store and clicking on the Updates tab.
