Apple makes macOS High Sierra 10.13 safe again with emergency 'Supplemental Update'
Since macOS is a Unix-based operating system, it is often seen as being stable and secure. For the most part, the OS is. With that said, it is not perfect, and certainly not infallible. Quite frankly, no operating system is impervious to security issues.
Unfortunately for Apple, its latest and greatest desktop operating system, macOS High Sierra 10.13, has some very serious flaws. First, it was discovered that the supposedly secure keychain password system could be easily infiltrated by malware. Arguably worse, it was then discovered that encrypted APFS disks had their passwords erroneously saved in plain text in the "hint" field. Yeah, that is not only bad, but embarrassing too. Both of these issues were patched today, however, with the emergency "Supplemental Update."
Apple shares the details of these two flaws and their associated fixes below.
StorageKit
Available for: macOS High Sierra 10.13
Impact: A local attacker may gain access to an encrypted APFS volume
Description: If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints.
CVE-2017-7149: Matheus Mariano of Leet Tech
Security
Available for: macOS High Sierra 10.13
Impact: A malicious application can extract keychain passwords
Description: A method existed for applications to bypass the keychain access prompt with a synthetic click. This was addressed by requiring the user password when prompting for keychain access.
CVE-2017-7150: Patrick Wardle of Synack
In addition to the above security issues, Apple improved the "robustness" of the High Sierra installer -- whatever that means. The company also patched a bug that prevented Yahoo email messages from being deleted in the default Mail app. Plus, it fixed some sort of cursor bug when using Adobe InDesign.
Once you apply the update, your operating system version will be listed as macOS 10.13 (17A405). To verify this, go to "About This Mac" and click on "System Report." Lastly, scroll down in the left column and click on "Software."