Over the course of the last four days, Apple has released updates to address security issues for several products, such as macOS High Sierra, Safari, watchOS, tvOS, and iOS.
The most relevant security update is the one to macOS, as it also permanently fixes the bug that allowed attackers to access macOS root accounts without having to type a password.
Apple issued a patch for the bug the next day after it was discovered, but because the patch was delivered as an out-of-band update that did not alter the macOS version number, when users from older macOS versions updated to 10.13.1 (the vulnerable version), the bug was still present.
With today's update, the patch for the bug —now known as "IAmRoot" (CVE-2017-13872)— has received a permanent fix. All users who upgrade to macOS High Sierra 10.13.2 are safe.
Below is a summary of all the other fixes, along with links to each product's changelog.
Name and information link |
Available for |
Number of vulnerabilities |
Release date |
---|---|---|---|
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan | OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.1 | 22 | 6 Dec 2017 |
Safari 11.0.2 (details available soon) | OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13 | TBD | 6 Dec 2017 |
watchOS 4.2 | All Apple Watch models | 10 | 5 Dec 2017 |
tvOS 11.2 | Apple TV 4K and Apple TV (4th generation) | 10 | 4 Dec 2017 |
iOS 11.2 | iPhone 5s and later, iPad Air and later, and iPod touch 6th generation | 14 | 2 Dec 2017 |
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now