![\"Apple](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/01\/Apple-Security-Update-Header.png\")
<\/p>\n<\/p>\n
Last week, Apple released updates for all of its current operating systems and Safari web browser, as well as security updates for macOS Sierra and OS X El Capitan. These updates came with new features, functionality and security fixes and enhancements.<\/p>\n
The following guide\u00a0details\u00a0what new features each updates includes, the bugs addressed\u2014including patches for the APFS volume password bug<\/a> and the QR code scanning bug<\/a>\u2014and where you can download each software update.<\/p>\n Apple’s new macOS High Sierra 10.13.4 is listed as an update that improves the stability, performance, and security of your Mac. Following\u00a0are the bug fixes and new features included in macOS High Sierra 10.13.4:<\/p>\n The sorting of Safari bookmarks is a new feature that\u00a0many Apple pro users have anticipated for\u00a0nearly 15\u00a0years (about time!), as well as support for external graphics processors (eGPU’s). Unfortunately, Apple put some restrictions on their final implementation, such as compatibility only with Thunderbolt 3. There are ways around this<\/a>,\u00a0if you wish to experiment with these new features. The displaying of privacy icons is something I will touch on later, below.<\/p>\n As for security related fixes, macOS High Sierra 10.13.4 patches\u00a031 bugs. These include:<\/p>\n System Preferences <\/p>\n WindowServer <\/p>\n APFS <\/p>\n Disk Management <\/p>\n LinkPresentation Apple addressed 5 security flaws in the\u00a0Kernel, Intel and NVIDIA graphics drivers also received attention,\u00a0and Mail received 2\u00a0fixes as well.\u00a0On the\u00a0APFS volume password issue, you may recall\u00a0this article<\/a>\u00a0on the Mac Security Blog, where Intego\u00a0pointed out an issue in which\u00a0encrypted volume passwords were stored\u00a0in logs in plaintext. This bug appears to have been fixed with macOS High Sierra 10.13.4. However, as Howard Oakley pointed out<\/a>, passwords that were already stored in logs are still there! Check out his article for tips on what to do if you think this bug may have affected you.<\/p>\n macOS 10.13.4 is also the first update that can now be applied to all compatible and supported Apple systems. This means no more separate downloads are needed for iMac Pro users.<\/p>\n Also released were security updates for macOS 10.12 Sierra and OS X 10.11 El Capitan. In these security updates, Apple addressed\u00a015 issues\u00a0impacting\u00a0the older operating systems.<\/p>\n For the full list of security bugs\u00a0addressed by these updates, have a look here<\/a>. For the complimentary list of components and macOS High Sierra 10.13.4, Security Update 2018-002 Sierra\u00a0and\u00a0Security Update 2018-002 El Capitan, you can download them from\u00a0the App Store<\/strong> under the Updates tab<\/strong>. You can also download the updates from Apple’s website, here:<\/p>\n As always, when downloading software from any website, even a trusted one, make sure to verify the download before installing. Apple has guidelines on this that can be found here<\/a>. All updates should include a firmware update, so you can expect your Mac to restart twice before the installation completes. Classic Mac Pro (pre-2013) users may have to run the Combo update for the firmware update to show. No details have been released about the firmware updates, but the common speculation is that it provides additional Meltdown\/Spectre patches.<\/p>\n Available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation, the new iOS 11.3 fixes 44 security issues. iOS 11.3 also introduces new features, including:<\/p>\n The full list of new features\u00a0can be found\u00a0here<\/a>.<\/p>\n The security fixes contained in iOS 11.3 include:<\/p>\n Find My iPhone iCloud Drive Mail Safari Note that one of the bugs mentioned in the macOS list above was an issue with LinkPresentation; this was also fixed in iOS 11.3. Although Apple doesn’t mention QR codes, this is apparently Apple’s fix for the issue we wrote about recently, where scanning QR codes with Apple’s Camera app could display the incorrect URL<\/a>\u00a0rather than the actual URL to which you would be taken.<\/p>\n iOS 11.3 also addresses 3 Kernel issues, 2 Telephony bugs\u00a0(one of which could cause an SMS to unexpectedly restart the phone), and many WebKit flaws.<\/p>\n The full list of security issues patched in iOS 11.3\u00a0can be found here<\/a>. iOS 11.3 can be downloaded over the air by going to Settings<\/strong> > General<\/strong> > Software Update<\/strong>. You can also connect your iOS device to your Mac and let iTunes do the update for you.<\/p>\n Available for all Apple Watch models, watchOS 4.3\u00a0contains new features, improvements and bug fixes. These include:<\/p>\n The security issues addressed are much the same as those patched\u00a0in iOS 11.3. The full list of security issues addressed can be found here<\/a>. watchOS 4.3 can be installed by connecting the watch to its charger, then on your\u00a0iPhone open the Apple Watch app<\/strong> > My Watch tab<\/strong> > General<\/strong> > Software Update<\/strong>.<\/p>\n Available for Apple TV 4K and Apple TV (4th generation), tvOS 11.3\u00a0includes new features and functionality:<\/p>\n As with watchOS, the security issues addressed are much the same as those in iOS 11.3. The full list of security issues addressed can be found here<\/a>. The tvOS update can be downloaded directly from the Apple TV by going to Settings<\/strong> > System<\/strong> > Update Software<\/strong>.<\/p>\n Included in macOS 10.13.4 and iOS 11, and also available for macOS 10.12.6 and 10.11.6, most of the changes found in the new Safari 11.1 are made under the hood. These include:<\/p>\n The security release notes show that 23 issues were\u00a0addressed in Safari 11.1, mostly\u00a0in WebKit. Safari 11.1 is available through the App Store<\/strong> under the Updates tab<\/strong>.<\/p>\n Circling back to the mention of Privacy Icons in macOS 10.13.4 High Sierra, iOS 11 and also part of tvOS 11.3, what’s that all about? This is a new feature that draws your attention to Apple features that want to access your personal information, for instance, when that access is requested. You will see a welcome screen on your Mac, iOS device or Apple TV after installing the latest update, and it will explain why it’s there. On an iPhone it will look like this:<\/p>\n More privacy enhancements and changes are coming in response to the new privacy laws<\/a> in Europe, such as the ability to download a copy of all the data Apple has on you and the ability to delete your account. With Facebook’s controversial handling of user data<\/a> back in the news, this is a good time for Apple to roll out such features as it makes the company look very good in contrast.<\/p>\n","protected":false},"excerpt":{"rendered":" Last week, Apple released updates for all of its current operating systems and Safari web browser, as well as security updates for macOS Sierra and OS X El Capitan. These updates came with new features, functionality and security fixes and enhancements. The following guide\u00a0details\u00a0what new features each updates includes, the bugs addressed\u2014including patches for the […]<\/p>\n","protected":false},"author":79,"featured_media":55957,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[5],"tags":[4024,4021,3058,3106,4036,3748,4027,4033,4030],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\t\n\t\n\t\nmacOS High Sierra 10.13.4<\/h3>\n
\n
\n<\/strong>Impact: A configuration profile may incorrectly remain in effect after removal
\nDescription: An issue existed in CFPreferences. This issue was addressed through improved preferences cleanup.<\/p>\n
\n<\/strong>Impact: An unprivileged application may be able to log keystrokes entered into other applications even when secure input mode is enabled
\nDescription: By scanning key states, an unprivileged application could log keystrokes entered into other applications even when secure input mode was enabled. This issue was addressed by improved state management.<\/p>\n
\n<\/strong>Impact: An APFS volume password may be unexpectedly truncated
\nDescription: An injection issue was addressed through improved input validation.<\/p>\n
\n<\/strong>Impact: An APFS volume password may be unexpectedly truncated
\nDescription: An injection issue was addressed through improved input validation.<\/p>\n
\n<\/strong>Impact: Processing a maliciously crafted text message may lead to UI spoofing
\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.<\/p><\/blockquote>\n\n
iOS 11.3<\/h3>\n
\n
\n– Displays information on iPhone maximum battery capacity and peak performance capability
\n– Indicates if the performance management feature that dynamically manages maximum performance to prevent unexpected shutdowns is on and includes the option to disable it
\n– Recommends if a battery needs to be replaced<\/li>\n
\n– When an Apple feature asks to use your personal information, an icon now appears along with a link to detailed information explaining how your data will be used and protected<\/li>\n
\n– Improves Updates tab information with app version and file size<\/li>\n
\n<\/strong>Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password
\nDescription: A state management issue existed when restoring from a back up. This issue was addressed through improved state checking during restore.<\/p>\n
\n<\/strong>Impact: An application may be able to gain elevated privileges
\nDescription: A race condition was addressed with additional validation.<\/p>\n
\n<\/strong>Impact: An attacker in a privileged network position may be able to intercept the contents of S\/MIME-encrypted e-mail
\nDescription: An inconsistent user interface issue was addressed with improved state management.<\/p>\n
\n<\/strong>Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing
\nDescription: An inconsistent user interface issue was addressed with improved state management.<\/p><\/blockquote>\nwatchOS 4.3<\/h3>\n
\n
tvOS 11.3<\/h3>\n
\n
Safari 11.1<\/h3>\n
\n
\n– Enhanced consistency of cross-site tracking protection behaviors.<\/li>\n
\n– Added display of \u201cWebsite Not Secure\u201d warnings when the user focus moves to a password or credit card form on an insecure page.<\/li>\n
\n– <\/strong>Disabled AutoFill at page load to prevent sharing information without user consent.<\/p>\nPrivacy Icons<\/h3>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/04\/Apple-privacy-icon.jpg\"){kind=icon}
<\/p>\n