![\"Apple](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/01\/apple-security-news-december-2017.jpg\")
<\/p>\n<\/p>\n
The final month of 2017 has come and gone, and for those of us who love a good security story, December didn’t leave us disappointed. Read on for details about the top Apple-focused security news of the month.<\/p>\n
On New Year’s Eve, a security researcher going by the name Siguza publicly disclosed the full details<\/a> of a local privilege escalation vulnerability that had allegedly been present in versions of macOS for at least the past 15 years.<\/p>\n In order for an attacker to take advantage of the bug (dubbed “IOHIDeous”), they would reportedly<\/a> either need local access to a victim’s Mac, or to have previously compromised a victim’s Mac.<\/p>\n IOHIDeous logo. Image credit: Siguza<\/a><\/p>\n Once the bug has been successfully exploited, an attacker would gain root privileges\u2014full administrative control over the victim’s Mac.<\/p>\n Although the flaw itself is\u00a0entirely\u00a0different, it’s similar to last month’s “I Am Root” vulnerability<\/a> in the sense that it could allow a local attacker to gain root privileges\u00a0on\u00a0a victim’s Mac.<\/p>\n Apple will likely release a new version of macOS High Sierra that fixes IOHIDeous within the coming weeks.<\/p>\n It remains to be seen whether\u00a0macOS Sierra or El Capitan will also receive updates. Older versions of macOS (OS X) are not expected to receive any security updates.<\/p>\n In short, if your Mac is capable of running macOS High Sierra (here’s how to find out<\/a>), now’s a good time to upgrade<\/strong>.<\/p>\n Apple\u00a0released security updates<\/a> for virtually every\u00a0one of its products during the month of December:<\/p>\n See also\u00a0our articles from earlier\u00a0in December for further details on Apple’s security updates:<\/p>\n![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/01\/iohideous-logo.png\"){kind=logo}
<\/p>\nApple Updates Everything (Even AirPort)<\/h3>\n
\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/01\/meltdown-92x150.png\")
*As is often the case, Apple\u00a0chose not to fix all of vulnerabilities in the two previous versions of macOS, Sierra and El Capitan. For example,\u00a0Apple updated their support article<\/a>\u00a0in early January to reveal that the Meltdown vulnerability<\/a> was only patched for macOS High Sierra, not for Sierra or El Capitan.<\/p>\n![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/Apple-AirPort-Extreme-802.11ac-150x150.png\")
The most surprising update was new firmware for AirPort wireless base stations<\/strong>, which until December 12 had remained vulnerable to Broadpwn<\/a> and KRACK<\/a>, two serious vulnerabilities\u00a0that had been known to the public for months.<\/p>\n