macOS High Sierra 10.13.4, Sierra and El Cap Security Update 2018-002, and Safari 11.1 released (updated)

Overnight (UTC), Apple has released the update to High Sierra 10.13.4, Safari 11.1, and security updates to El Capitan and Sierra.

Fixes and improvements to High Sierra include:

adds support for eGPUs (external graphics processing units), although these are currently only usable by specific hardware and specific apps;
adds Business Chat to Messages (currently US-only);
adds a new privacy explainer when Apple features prompt for personal info;
fixes graphics issues in certain apps on iMac Pro models;
fixes web link previews in Messages;
several improvements to Safari, including jump to rightmost tab with Command-9 shortcut;
System Image Utility can now create NetInstall images that erase and install macOS to a named target volume.

There is no mention of any extension of APFS support to include Fusion Drives, and the APFS documentation no longer makes any reference to Fusion Drives, which appears ominous.

I will look in detail at the complete content of the 10.13.4 update in a future article.

Important security fixes include:

sysadminctl no longer exposes passwords;
ATS vulnerability to crafted symlinks;
CoreText vulnerability to crafted strings;
mounting a malicious disk image could result in app launching;
five kernel vulnerabilities, including two affecting 10.11 and 10.12 as well as 10.13;
malicious apps could bypass code-signing checks;
handling of malicious S/MIME HTML email;
malicious logging of keystrokes in WindowServer;
Gatekeeper data is updated to version 138.

All Macs should undergo EFI update with this installation. Updating Sierra typically brings two complete chimed restarts, and is quite a lengthy process. No mention is made by Apple of the EFI firmware update, nor do the security release notes explain that further fixes are included there, although they are believed to address Meltdown/Spectre issues.

I have now updated my list of EFI firmware versions to reflect these changes.

Unusually, these updates were not released simultaneously with the corresponding iOS and other updates, but were delayed by several hours. I have now confirmed that 10.13.4 does fix recently-reported issues with unintentional release of APFS encryption passwords in the log.

As usual, the updates are available from the App Store. Standalone updates are also now available from:

here for High Sierra 10.13.4
here for the Combo update for High Sierra 10.13.4
here for Sierra Security Update 2018-002
here for El Capitan Security Update 2018-002

The latter were not made avilable until 1200 UTC 30 March.

(Updated again 1550 UTC 30 March to include EFI update info.)

5Comments

Add yours

1

Antony Gordon on March 30, 2018 at 11:53 am

Thanks for all the ever useful information. For information, the new Sierra update seems to have bricked my mid 2013 MacBook Pro. It hangs on a completed startup progress bar, not fixed by further restart attempts.

LikeLike
- 2
  
  hoakley on March 30, 2018 at 12:57 pm
  
  Sorry to hear that: you may find this article helpful.
  I wish you success,
  Howard.
  
  LikeLike
3

Antony Gordon on March 31, 2018 at 10:02 am

Thanks for your helpful reply. For information, after calls to Apple support it resulted in an unsuccessful OS reinstall followed by a HD reformat and reinstall and I’m still waiting for it to complete realigning with iCloud … and wondering whether to accept the proffered security update (again). Maybe I’ll just make a bootable Sierra copy to run FileMaker Pro 12 for which I can’t justify update cost and go to High Sierra …

LikeLiked by 1 person
- 4
  
  hoakley on March 31, 2018 at 10:06 am
  
  It might be worth your while making an appointment at a Genius Bar, perhaps.
  Howard.
  
  LikeLike
  - 5
    
    Antony Gordon on March 31, 2018 at 10:10 am
    
    Thanks again. 🙂
    
    LikeLiked by 1 person

Share this:

Related