A LibreSSL issue was also fixed, which could have enabled a local user to leak sensitive user information.
Listed as recommended for all users and improves the security of OS X, Security Update 2017-001 addresses a memory corruption issue that could lead to arbitrary code execution when a maliciously crafted JPEG file was viewed. Security Update 2017-001 (El Capitan)Īvailable for: Any Mac running OS X El Capitan v10.11.6 MacOS Sierra 10.12.4 can be downloaded by going to the App Store > Updates tab, as a stand-alone update here or a combo update here. The above Macs are potentially still vulnerable to the EFI firmware vulnerability. (Hat tip to Pepijn Bruienne for that list.) – Mac mini (Mid 2011) (with AMD Radeon Graphics)
– MacBook Pro (Retina, 15-inch, Mid 2014) – MacBook Pro (Retina, 15-inch, Late 2013) If you feel your hardware is at risk for having their firmware exploited through malicious Thunderbolt adapters, you may want to know that not all Macs had their firmware patched.įollowing are some of the Macs we know of that did not get their firmware updated: The firmware will automatically be patched when the macOS Sierra 10.12.4 update is installed. According to Apple, “A malicious Thunderbolt adapter may be able to recover the FileVault 2 encryption password.” Attacking the firmware to bypass security is not unheard of as the recent WikiLeaks dumped documents show that the CIA has been using such an exploit, called “Sonic Screwdriver,” and the Thunderstrike bug a few years ago that also found a way to modify firmware.
MacOS Sierra 10.12.4 includes an EFI firmware patch for some machines to address potential firmware attacks.
For those on older Macs, or even those on newer Macs, f.lux still offers superior controls and results. Night shift is available to all Macs from 2012 (Mac Pro not included) and newer.
Resolves several PDF rendering and annotation issues in Preview.Improves right-to-left language support for the Touch Bar, toolbar, and visual tab picker in Safari.Adds Dictation support for Shanghainese.Adds Siri support for cricket scores, schedules, and player rosters from the Indian Premier League and International Cricket Council.Adds Night Shift for automatically shifting the colors in your display to the warmer end of the spectrum after dark.Listed as an update that improves the stability, compatibility, and security of your Mac, it mentions the following as being new and improved: macOS Sierra 10.12.4Īvailable for: Any Mac running macOS Sierra 10.12.3
As we all know, there is much more to these updates than what’s shown in the update description, so here are some of the details. Security News Apple Releases macOS Sierra 10.12.4 and More with Security FixesĪpple this week released security software updates for all of its operating systems, Safari, Pages, Numbers and Keynote.