APPLE-SA-2017-10-05-1 macOS High Sierra 10.13 Supplemental Update
Posted on 05 October 2017
Apple Security-announce

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-10-05-1 macOS High Sierra 10.13 Supplemental Update

macOS High Sierra 10.13 Supplemental Update is now available
and addresses the following:

StorageKit
Available for: macOS High Sierra 10.13
Impact: A local attacker may gain access to an encrypted APFS volume
Description: If a hint was set in Disk Utility when creating an APFS
encrypted volume, the password was stored as the hint. This was
addressed by clearing hint storage if the hint was the password, and
by improving the logic for storing hints.
CVE-2017-7149: Matheus Mariano of Leet Tech

Security
Available for: macOS High Sierra 10.13
Impact: A malicious application can extract keychain passwords
Description: A method existed for applications to bypass the
keychain access prompt with a synthetic click. This was addressed by
requiring the user password when prompting for keychain access.
CVE-2017-7150: Patrick Wardle of Synack

New downloads of macOS High Sierra 10.13 include the security
content of the macOS High Sierra 10.13 Supplemental Update.

Installation note:

macOS High Sierra 10.13 Supplemental Update may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/