Apple Releases macOS High Sierra 10.13 Supplemental Update With Fix for APFS Disk Utility Bug and Keychain Vulnerability

Apple today released a supplemental update to macOS High Sierra 10.13, the first update to the macOS High Sierra operating system that was released to the public in late September. The macOS High Sierra 10.13 update comes just over one week after the release of macOS High Sierra.

The new version of macOS High Sierra 10.13 is a free update for all customers who have a compatible machine. The update can be downloaded using the Software Update function in the Mac App Store.

The supplemental macOS High Sierra 10.13 update addresses a software vulnerability that could expose the passwords of encrypted Apple File System volumes in plain text in Disk Utility.

Apple has released a support document alongside the Supplemental Update that walks users through the process of protecting their data if macOS High Sierra is showing a password instead of a password hint on an encrypted APFS volume.

Steps include installing the new update, creating an encrypted backup of data for the affected volume, erasing the drive, reformatting to APFS, then APFS (Encrypted), and finally restoring the data that was backed up.

A separate security support document says that the update also fixes a vulnerability that could let a hacker steal the usernames and passwords of accounts stored in Keychain using a malicious third-party app.

And finally, according to the release notes accompanying the update, it also improves installer robustness, fixes a cursor graphic bug in Adobe InDesign, and resolves an issue where messages couldn't be deleted from Yahoo accounts in Mail.

macOS High Sierra introduces a new more modern file system designed for flash storage (APFS), Metal 2, Safari improvements that protect user privacy and prevent autoplay videos, and improvements to several apps like Photos, Mail, Notes, and more.