macOS High Sierra 10.13 Supplemental Update Out, Fixes Two Security Vulnerabilities

Apple has released a macOS High Sierra 10.13 Supplemental Update, which is recommended for all macOS users as it contains stability, reliability and security improvements for your Mac. The update includes the following:

  • Improves installer robustness
  • Fixes a cursor graphic bug when using Adobe InDesign
  • Resolves an issue where email messages could be deleted from Yahoo accounts in Mail


According to Apple’s security update notes, this update addresses a vulnerability in StorageKit, where “A local attacker may gain access to an encrypted APFS volume,” discovered by Matheus Mariano of Leet Tech a week ago.

Description: If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints.

Another security fix addresses how “A malicious application can extract keychain passwords,” as reported by Patrick Wardle of Synack.

Description: A method existed for applications to bypass the keychain access prompt with a synthetic click. This was addressed by requiring the user password when prompting for keychain access.

The update requires a restart of your Mac—you can install it by launching the Mac App Store and going to the Updates tab.