Apple releases macOS 10.13.4 security update

Following the previous unexpected release of iOS 11.3.1. Apple has released macOS 10.13.4 bringing security improvements to all devices running macOS High Sierra. The update can be downloaded from the Mac App Store through the software update tab. Apple’s release notes indicate that the update includes very small changes in term of features. However, the update fixes some security issues which were previously present.

You can read the change-log here:

Security Update 2018-001 is recommended for all users and is meant to improve the security of macOS. The update addresses two security vulnerabilities related to Crash Reporter and LinkPresentation, both of which could be used maliciously to gain access to a Mac. A Safari 11.1 update is also included, with fixes for WebKit vulnerabilities.

Apple’s Security Updates Page, shows this change-log:

Crash Reporter

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to gain elevated privileges

Description: A memory corruption issue was addressed with improved error handling.

CVE-2018-4206: Ian Beer of Google Project Zero


Available for: macOS High Sierra 10.13.4

Impact: Processing a maliciously crafted text message may lead to UI spoofing

Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

CVE-2018-4187: Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_)