Apple Releases macOS High Sierra 10.13 Supplemental Update to Address Security Flaws, Bugs

macOS High Sierra Updated

Apple released macOS High Sierra 10.13 Supplemental Update on Thursday. The update fixes two important security flaws, one of which was just recently publicized. It also addresses three relatively minor bugs in macOS High Sierra.

macOS High Sierra

Apple’s patch notes for macOS High Sierra 10.13 Supplemental Update

This supplemental update includes improvements to the the stability, reliability and security of your Mac, and is recommended for all macOS High Sierra users. This update:

  • Improves installer robustness
  • Fixes a cursor graphic bug when using Adobe InDesign
  • Resolves an issue where email messages couldn’t be deleted from Yahoo accounts in Mail

Security patch notes for macOS High Sierra 10.13 Supplemental Update


Available for: macOS High Sierra 10.13
Impact: A local attacker may gain access to an encrypted APFS volume
Description: If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints.
CVE-2017-7149: Matheus Mariano of Leet Tech


Available for: macOS High Sierra 10.13
Impact: A malicious application can extract keychain passwords
Description: A method existed for applications to bypass the keychain access prompt with a synthetic click. This was addressed by requiring the user password when prompting for keychain access.
CVE-2017-7150:Patrick Wardle of Synack

New downloads of macOS High Sierra 10.13 include the security content of the macOS High Sierra 10.13 Supplemental Update.

The update is a 923.4MB download at the link above for the standalone installer. As of this writing, I’m not seeing the update in Software Update, but it will likely appear later in the day.

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Oldest Most Voted
Inline Feedbacks
View all comments
W. Abdullah Brooks, MD

Bryan: I Agree with John K that this was a serious update, at least on my 2012 MBP Retina core i7. One observation: never attempt a software update if your system has not completed hard disk encryption. This was an unintended complication. I had assumed that my hard drive had completed encrypting after doing the original High Sierra instal (actually I had forgot about it because it had started more than 24 hours before and I forgot how long these can take), went for the update and got a notice that the installation of the update could not be completed… Read more »

John Kheit

This ‘update’ was a more intense install than 10.13 itself for me on my 2010 and 2016 machines. Seems fine, but man that was a serious update.