Apple has released macOS Mojave version 10.14.3, together with Security Update 2018-001 for High Sierra and Sierra.
The Mojave update is again substantial, around 2.3 GB (standalone 1.99 GB), despite Apple giving no details whatsoever of its changes, apart from one improvement to Kerberos authentication which is mainly of interest to enterprise users.
Some of the more significant security fixes include: remote initiation of FaceTime calls, six kernel bugs (five of which affect all three supported versions of macOS), and a vulnerability to crafted SQLite queries.
Full details of security fixes are given here.
This update also bring Safari 12.0.3, which has several security fixes to WebKit, but still cannot open local HTML files without error.
For T2-equipped Macs, this brings an EFI firmware update, taking the iMac Pro (at least) to version 184.108.40.206.0 and iBridge: 16.16.3133.0.0,0. There don’t appear to be any other new EFI firmware updates included.
There is also a Gatekeeper update which has been pushed at the same time. The main updates don’t include that: you must download and install the Gatekeeper update after update macOS.
Note that there was a problem in getting the 10.14.3 Combo updater to work on some versions of Mojave: see the comment below. Hopefully Apple has fixed that (or very shortly will).
(Update 5, posted 1653 UTC 23 January 2019)