macOS High Sierra 10.13.4, Sierra and El Cap Security Update 2018-002, and Safari 11.1 released (updated)

Overnight (UTC), Apple has released the update to High Sierra 10.13.4, Safari 11.1, and security updates to El Capitan and Sierra.

Fixes and improvements to High Sierra include:

  • adds support for eGPUs (external graphics processing units), although these are currently only usable by specific hardware and specific apps;
  • adds Business Chat to Messages (currently US-only);
  • adds a new privacy explainer when Apple features prompt for personal info;
  • fixes graphics issues in certain apps on iMac Pro models;
  • fixes web link previews in Messages;
  • several improvements to Safari, including jump to rightmost tab with Command-9 shortcut;
  • System Image Utility can now create NetInstall images that erase and install macOS to a named target volume.

There is no mention of any extension of APFS support to include Fusion Drives, and the APFS documentation no longer makes any reference to Fusion Drives, which appears ominous.

I will look in detail at the complete content of the 10.13.4 update in a future article.

Important security fixes include:

  • sysadminctl no longer exposes passwords;
  • ATS vulnerability to crafted symlinks;
  • CoreText vulnerability to crafted strings;
  • mounting a malicious disk image could result in app launching;
  • five kernel vulnerabilities, including two affecting 10.11 and 10.12 as well as 10.13;
  • malicious apps could bypass code-signing checks;
  • handling of malicious S/MIME HTML email;
  • malicious logging of keystrokes in WindowServer;
  • Gatekeeper data is updated to version 138.

All Macs should undergo EFI update with this installation. Updating Sierra typically brings two complete chimed restarts, and is quite a lengthy process. No mention is made by Apple of the EFI firmware update, nor do the security release notes explain that further fixes are included there, although they are believed to address Meltdown/Spectre issues.

I have now updated my list of EFI firmware versions to reflect these changes.

Unusually, these updates were not released simultaneously with the corresponding iOS and other updates, but were delayed by several hours. I have now confirmed that 10.13.4 does fix recently-reported issues with unintentional release of APFS encryption passwords in the log.

As usual, the updates are available from the App Store. Standalone updates are also now available from:

  • here for High Sierra 10.13.4
  • here for the Combo update for High Sierra 10.13.4
  • here for Sierra Security Update 2018-002
  • here for El Capitan Security Update 2018-002

The latter were not made avilable until 1200 UTC 30 March.

(Updated again 1550 UTC 30 March to include EFI update info.)