macOS Sierra 10.12.4 update now available, and El Cap and Yosemite security updates

Apple has released the update to macOS Sierra 10.12.4, together with app updates for MainStage 3, Pages, Numbers, Keynote, and Xcode, and Security Update 2017-001 for El Capitan, and for Yosemite.

Sierra 10.12.4 adds Night Shift to adjust the colour balance of supported displays according to the time of day, adds Siri support for cricket scores, and adds Dictation support for Shanghainese.

Bugs addressed include several in PDFKit, which should improve PDF rendering and annotation in Preview, and no doubt fix a range of problems in third-party apps. There are also some fixes for Mail, which increase the visibility of the subject line in Conversation View, and make content in messages more likely to be shown correctly. Several improvements and fixes have been included with respect to enterprise features too.

Security fixes include: update of Apache to 2.4.25, PHP to 5.6.30, LibreSSL to 1.17.0, OpenSSH to 7.4, tcpdump to 4.9.0, and LibTIFF to 4.0.7. It fixes vulnerabilities in AppleRAID, Audio, Bluetooth, CoreText, FontParser, iBooks, ImageIO, IOFireWire, and WebKit.

This releases appears to fix the known vulnerability in SIP too. No less than eight vulnerabilities in the kernel and five in security have also been fixed. Interestingly a vulnerability which had allowed a malicious Thunderbolt adaptor to recover the FileVault 2 encryption password has been fixed, perhaps to the disappointment of some government intelligence agencies?

The download, in the App Store, is 1.56 GB, which suggests that a lot more bugs and other issues have been fixed – it replaces roughly a third of the macOS installation in all.

A standalone incremental updater is available here, and is 1.79 GB in size, and a Combo updater is now available from here.

The installation appears fairly smooth, and on this iMac17,1 took a total of 12.5 minutes once it started. However, some new MacBook Pro models with the Touch Bar can fail to complete the update, crashing during updating of the Touch Bar firmware. This can result in kernel panics, or even infinite boot loops. This is reported in detail on jamf Nation, and summarised in my list of bugs in 10.12.4.

The initial progress bar started with 27 minutes to go, but was replaced by a black screen after only 3 minutes. After a short interval with just that black screen was the first startup chime, followed by a return of the progress bar. This was replaced by a second black screen, then a second startup chime. After that the final progress bar appeared, which started with the display of Completing installation and 23 minutes remaining. That last segment was the slowest, but was finally replaced with the Finder and Desktop without any fresh login.

Your mileage will vary, of course, but this doesn’t seem to be a painfully slow or worrysome update so far.

(Updated 31 March 2017.)