The latest version of macOS (High Sierra) brings new forward-looking technologies and enhanced features. On October 5 Apple released a supplemental update for macOS High Sierra 10.13 with bug fixes and improvements to stability, reliability and security of Mac.
The update mainly addresses two important issues. The first vulnerability (CVE-2017-7149) is an issue with APFS that may allows a local attacker to gain access to an encrypted APFS volume. Apple says that if a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. Now this bug has been fixed by clearing hint storage if the hint was the password and by improving the logic for storing hints.
The second vulnerability (CVE-2017-7150) is a Keychain issue widely reported late last Month. Patrick Wardle, chief security researcher at Synack, firstly revealed this bug, and he offered a video demonstration to show that a malicious application is able to extract passwords stored in Keychain without needing the master password. Now this bug has been addressed in the update by requiring user password when prompting for keychain access.
The release notes lists three specific bug fixes in this update:
- Improves installer robustness;
- Fixes a cursor graphic bug when using Adobe InDesign;
- Resolves an issue where email messages couldn’t be deleted from Yahoo accounts in Mail.
All macOS High Sierra users are suggested to install the update for security purpose. To update High Sierra on your Mac, open the Mac App Store, and head to the Update tab. The App Store will check for available updates, and once the update for High Sierra appears in the listing, click the Update button for it to start the download and installation.
macOS High Sierra 10.13 officially rolled out on Sept 25. Apple now is working on macOS 10.13.1 update and the second beta has been issued to developers last week.