Apple releases a supplemental update for macOS High Sierra

Today, Apple released a supplemental update for devices running macOS 10.13 High Sierra, bringing the build number to 17A405. It's the first update that the OS has received since it was released on September 25, although macOS 10.13.1 is currently in beta.

The update contains a couple of security fixes:

StorageKit

Available for: macOS High Sierra 10.13

Impact: A local attacker may gain access to an encrypted APFS volume

Description: If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints.

CVE-2017-7149: Matheus Mariano of Leet Tech

Security

Available for: macOS High Sierra 10.13

Impact: A malicious application can extract keychain passwords

Description: A method existed for applications to bypass the keychain access prompt with a synthetic click. This was addressed by requiring the user password when prompting for keychain access.

CVE-2017-7150: Patrick Wardle of Synack

It seems likely that this will be the only update that's made available for the OS until version 10.13.1 High Sierra is released to the public. If you're currently running the beta, you'll probably have to wait until the next build - which will likely be made available next week - to get these security fixes.

As always, you can update your Mac through the Updates tab in the Mac App Store, or you'll get this build automatically if you're only upgrading to High Sierra now.

Report a problem with article
Next Article

Microsoft announces its Connect(); 2017 developer event

Previous Article

Opera 49 Beta is out now with selfie and snapshot tools

3 Comments - Add comment

Advertisement