High Sierra “Supplemental Update” now available (updated)

Apple has released a “supplemental update” for macOS High Sierra 10.13 from the App Store.

According to the extremely brief release notes, this improves the robustness of the installer, fixes a cursor graphics bug when using Adobe InDesign (presumably CC), and resolves an issue with the deletion of email messages from Yahoo accounts accessed using Mail.

This also fixes two of the glaring security issues in 10.13: it addresses the password bug in Disk Utility, detailed here, and prevents malicious apps from extracting keychain passwords, a bug reported by Patrick Wardle.

It is 915 MB in size, so clearly does more than the release notes let on. Let’s hope that it provides a real, fully-functional version of Disk Utility, rather than a comedy version.

The installer deletes itself after installation. If you want to keep a copy to apply to other High Sierra systems, you must quit it before your Mac restarts, make a copy, and run it again.

The installation process is straightforward, with a single startup chime, and a couple of white-on-black progress bars before a grey screen appears, and you can eventually log back in.

The installer is offered in the App Store only if you are running High Sierra. If you have a dual-boot system, you will need to restart in High Sierra before you can see or download it. If you are running Sierra (or earlier), you can now download an updated High Sierra installer complete with the ‘supplemental update’ applied, at a mere 4.8 or more like 5.2 GB complete. As with Sierra, once you have downloaded High Sierra it does not appear in your Purchased tab.

You can also download a standalone installer from this Apple link.

Following installation, the version number reported remains macOS 10.13, with a build number of 17A405. Oddly, it lists itself twice in the Installations list.

The only apps updated appear to be Safari, Mail, Disk Utility, and Keychain Access. Disk Utility remains at version 17.0, but with a build number of 1626. I can confirm that it fixes the password bug.