What’s new in Sierra Security Update 2018-003?

At about 777 MB, Security Update 2018-003 for Sierra looks very substantial. So what’s inside it?

Security updates detailed by Apple are relatively few, and include:

  • an information disclosure in Bluetooth’s device properties,
  • vulnerability to crafted fonts,
  • two kernel vulnerabilities.

Apps updated include: Safari (11.1.1), Bluetooth File Exchange, Grapher, Keychain Access and Certificate Assistant, and Terminal. The Spotlight app has also been updated to build 243, but remains at version 1.0. Many command tools in /usr/bin and /usr/sbin have been updated, although their functionality may of course remain unchanged.

Safari 11.1.1 fixes two vulnerabilities in Safari itself, and nine in WebKit – exactly the same in Sierra as in High Sierra.

Most kernel extensions are replaced with new versions, which account for much of the size of the update. APFS support tools are also updated, although the version of APFS remains unchanged. APFS in Sierra appears to be just as incompatible with that in High Sierra as it has been since the release of High Sierra.

A large part of this security update is taken up by EFI firmware updates. These should increment the reported Boot ROM version of almost every Mac, and are identical to those for High Sierra. Further details are in my full listing of version numbers.