Security News

macOS Sierra, OS X El Capitan Updates Patch Meltdown Flaw

Posted on by

Apple software security updates

Apple has just released macOS High Sierra 10.13.3, Security Update 2018-001 Sierra and Security Update 2018-001 El Capitan, Safari 11.0.3, iOS 11.2.5, watchOS 4.2.2 and tvOS 11.2.5. These updates fix a vast array of security bugs, most prominently for macOS Sierra and OS X El Capitan as the updates patch the Meltdown flaw.

Ensuring your software is always up-to-date is one of the best ways to maintain your Apple product’s security, so without further ado, following is a list of key details in each update as well as where you can obtain them for your Apple device.

macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, Security Update 2018-001 El Capitan

These updates are available for macOS High Sierra 10.13.2, macOS Sierra 10.12.6, and OS X El Capitan 10.11.6.

The most notable security updates are available for macOS Sierra and OS X El Capitan, which include patches for the Meltdown flaw. Another bug fix mentioned in Apple’s security notice is related to Messages, where “processing a maliciously crafted text message may lead to application denial of service.” Stay tuned tomorrow morning for a new episode of the Intego Mac Podcast in which Kirk and Josh take a deeper look at these kinds of Message-based bugs.

Altogether, 17 security issues were addressed in the above mentioned operating system updates. For the full list of security issues addressed by these updates, have a look here.

Mac users can download and install macOS High Sierra 10.13.3, Security Update 2018-001 (Sierra), and Security Update 2018-001 (El Capitan) from the Mac App Store, or you can get them from Apple’s official website. Downloads

Note that macOS High Sierra 10.13.3 includes Safari 11.0.3, but Sierra and El Capitan users will see this as a separate download in the Mac App Store.

Safari 11.0.3

Safari 11.0.3 is a minor update that includes just 3 fixes for WebKit, all addressing the same vulnerability.

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.3
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.

Further security release notes may be published at a later date, so keep an eye on this page for more details.

iOS 11.2.5

iOS 11.2.5 is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.

A total of 13 security bugs were patched in iOS 11.2.5, many of which were also addressed in macOS. Most notably, Apple tackled a bug that allowed a malicious link to crash the Messages app.

The full list of security issues addressed can be found here. iOS users can download iOS 11.2.5 over the air by going to Settings > General > Software Update. You can also connect your iOS device to your Mac and let iTunes do the update for you.

watchOS 4.2.2

watchOS 4.2.2 is available for all Apple Watch models.

A total of 12 security issues were addressed, including a fix for the malicious link that could crash Messages.

The full list of security issues addressed can be found here. Apple watchOS users can download and install watchOS 4.2.2 by connecting the watch to its charger, and then on your iPhone open Apple Watch app > My Watch tab > General > Software Update.

tvOS 11.2.5

tvOS 11.2.5 is available for Apple TV 4K and Apple TV (4th generation).

The same security issues that Apple patched in iOS 11.2.5 and watchOS 4.2.2 were also patched in tvOS 11.2.5, excluding a “LinkPresentation” flaw that does not impact tvOS.

The full list of security issues addressed can be found here. Apple TV users can update to tvOS 11.2.5 directly from your Apple TV by going to Settings > System > Update Software.

While much can be said about the current state of macOS and Apple’s quality assurance testing before the company releases software updates, it is still best to install these updates as soon as you can to maintain your Apple product’s security. After all, with the Meltdown and Spectre vulnerabilities now patched across the board for all Apple supported operating systems and hardware, these are two less things Mac users have to worry about. Of course, having a good backup of your data is important before doing any kind of updates, so make sure you do so first.

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research. View all posts by Jay Vrijenhoek →