macOS High Sierra 10.13.6 update, Sierra and El Capitan Security Updates 2018-004 now available

Apple has released macOS High Sierra 10.13.6 update, and the 2018-004 security updates for Sierra and El Capitan.

The major new feature for 10.13.6 is AirPlay 2 multi-room audio support for iTunes. There are two bugs fixed:

  • Photos should now recognise AVCHD media from more cameras,
  • Mail users should now be able to move a message from Gmail to another account.

Safari is updated to version 11.1.2, with security fixes including a couple of spoofing vulnerabilities. Further details of fixes to Safari are here.

The list of security fixes is quite short. Among those are: a memory corruption bug in APFS; one kernel bug with Lazy FP state, and a couple of bugs in libxpc.

In El Capitan and Sierra, there are few security fixes, including: a malicious app could break out of its sandbox (CoreCrypto), and a Sierra bug in which DesktopServices could reveal sensitive user info. However, yet again Apple seems to have replaced large numbers of files in /Library and /System/Library, including pretty well all extensions, at least in Sierra.

Full details of security fixes are here.

For most recent Mac models, these updates bring EFI firmware updates too. I have now updated my listing of EFI firmware versions to those current in 10.13.6.

As usual, the updates are available from the App Store, with standalone updates available from:

  • here for High Sierra 10.13.6 (1.88 GB)
  • here for the Combo update for High Sierra 10.13.6 (2.49 GB)
  • here for Sierra Security Update 2018-004
  • here for El Capitan Security Update 2018-004.

I have now posted my analysis of what these updates change.