What’s in Sierra Security Update 2018-002?

The following components of macOS Sierra 10.12.6 have been updated in Security Update 2018-002 released on 29/30 March 2018:

  • Bluetooth File Exchange
  • Grapher
  • Keychain Access
  • Terminal
  • Audio Plug-Ins (in /Library)
  • WebServer (in /Library)
  • Dictionary Widget
  • Automator, various actions
  • several Core Services, including AirPlay, RAID Utility, Screen Sharing, Wireless Diagnostics, Certificate Assistant, ControlStrip, DiskImageMounter, Network Setup Assistant, SetupAssistant, backupd
  • most kernel extensions in /System/Library.Extensions
  • APFS, which is brought to version 0.3 (24907), and other file systems
  • many frameworks in /System/Library/Frameworks, particularly ATS, with Ruby 2.0 and Perl 5.16 and 5.18
  • several Preference Panes
  • many private frameworks
  • QuickTime
  • several tools in /sbin, many in /bin including curl, hdiutil, log, perl, and many in /usr/libexec
  • several dylibs in /usr/lib
  • Apache 2
  • CUPS and postfix
  • many tools in /usr/sbin
  • emacs 22.1.

As is usual, these extend well beyond the short list of security fixes provided by Apple.

Installed separately at the same time is an update of the Gatekeeper database to version 138 dated 29 March 2018.

Additionally, EFI firmware updates are installed for all Macs, incrementing the reported Boot ROM version. This iMac17,1 went from 0147 B00 to 0151 B00. I have now updated my list of EFI firmware versions to reflect these changes.

Apple doesn’t explain what has changed in the EFI updates; from reports during 10.13.4 beta-testing, these are very likely to include further fixes for Meltdown/Spectre vulnerabilities.

Although a separate download, Safari 11.1 also brings several improvements and fixes.