Apple has released macOS High Sierra 10.13.2 as an update for all compatible Mac machines. The update includes no new features but brings a number of stability improvements and security fixes for nearly two dozen vulnerabilities.
The update comes a week after Apple pushed out an emergency fix for a glaring hole in macOS that allowed anyone with access to a Mac (either in person or remote) to bypass the login screen and act as a root account.
The update has been made available for all Mac machines starting from 2009 that are eligible for macOS High Sierra.
According to Shaun Nicholas, a technology writer based in San Francisco, the patched flaws could potentially allow code execution with system privileges if targeted. Those flaws, which can be targeted by installed applications, include two code execution vulnerabilities and six bugs that allow applications to read restricted memory sections.
The macOS Screen Sharing Server has a bug reminiscent of last week’s ‘IAmRoot’ fiasco. That flaw, CVE-2017-13826, discovered by Toronto researcher Trevor Jacques, would let anyone with screen sharing access to a Mac operate with root privileges, all as a result of an error in the permissions handling.
The Intel Graphics Driver used by the Mac was the subject of three vulnerabilities, two of them found by Ian Beer of Google Project Zero. They include two arbitrary code execution bugs (CVE-2017-13883, CVE-2017-13875) and one (CVE-2017-13878) that could allow an attacker to crash the system or read kernel memory contents.
In the macOS Mail app, a bug (CVE-2017-13871) could cause some S/MIME encrypted messages to be sent out unencrypted, and a flaw in Mail Drafts (CVE-2017-13860) could allow for messages to be intercepted and read.
Those using older versions of macOS will get a separate update, known as Security Update 2017-002 on Sierra and 2017-005 on El Capitan. iTunes on Windows will also get an update.
Those who own multiple pieces of Apple-branded kit will find themselves with something of a backlog in patches. Earlier this week, Apple released an update for iOS that included security and stability fixes, followed by patches for tvOS and watchOS.