Apple has released the first supplemental update to macOS High Sierra 10.13, complete with bug fixes, improvements, and security fixes.



General release notes accompanying the supplemental update suggests the release includes improvements to stability, reliability, and security. Specifically, the update is said to “improve installer robustness” (it is unclear if this addresses the issue where some users are unable to download a complete macOS High Sierra installer without third party utility assistance), includes a fix for cursor graphics bugs when using Adobe InDesign, and resolves and issue with Mail app was unable to delete email from Yahoo accounts. Additionally, the update includes a security fix to address a problem where Disk Utility could be used to reveal the password of an encrypted AFPS volume, and the update also resolves a security bug relating to Keychain passwords. Complete security update release notes are below for those interested. The supplemental update is recommended for all macOS High Sierra users to install.

Downloading macOS High Sierra Supplemental Update

Mac users running macOS 10.13 High Sierra can find the update available to download and install now in the Mac App Store Updates section. The update is labeled as “macOS High Sierra 10.13 Supplemental Update”.

You can also choose to download the macOS High Sierra Supplemental Update as a DMG installer file from Apple by going here and choosing the blue Download button, as dmg file the download size is 920 MB.

Note the supplemental update is separate from the beta versions of 10.13.1 currently under the beta testing programs.

Always back up a Mac before installing any system software update, including smaller bug fix updates like this macOS High Sierra Supplemental Update.

macOS High Sierra Supplemntal Update Release Notes

The macOS High Sierra general release notes and security release notes are as follows, beginning with the former:

This supplemental update includes improvements to the the stability, reliability and security of your Mac, and is recommended for all macOS High Sierra users. This update: • Improves installer robustness • Fixes a cursor graphic bug when using Adobe InDesign • Resolves an issue where email messages couldn’t be deleted from Yahoo accounts in Mail

The complete security related supplemental update release notes are below:

macOS High Sierra 10.13 Supplemental Update

Released October 5, 2017

StorageKit

Available for: macOS High Sierra 10.13

Impact: A local attacker may gain access to an encrypted APFS volume

Description: If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints.

CVE-2017-7149: Matheus Mariano of Leet Tech Security

Available for: macOS High Sierra 10.13

Impact: A malicious application can extract keychain passwords

Description: A method existed for applications to bypass the keychain access prompt with a synthetic click. This was addressed by requiring the user password when prompting for keychain access. CVE-2017-7150: Patrick Wardle of Synack New downloads of macOS High Sierra 10.13 include the security content of the macOS High Sierra 10.13 Supplemental Update.

Separately, iPhone and iPad users can find iOS 11.0.2 available as an update, which also includes various bug fixes for that system software release, and watchOS 4.0.1 for Apple Watch is out as well.