
About the security content of macOS High Sierra 10.13.5 - xoa
https://support.apple.com/en-us/HT208849
======
0x0
Release notes for iOS 11.4, tvOS, watchOS, Safari, iCloud for Windows haven't
been posted on the main web site but they were already posted to the mailing
list: [https://lists.apple.com/archives/security-
announce/2018/Jun/...](https://lists.apple.com/archives/security-
announce/2018/Jun/index.html)

~~~
xoa
Yeah, 10.13.5 is the accompanying update in many ways (kind of odd they didn't
just release them in total sync), Messages in iCloud needs it for example.

Also, looks like this update contains some mitigation efforts by Apple towards
S/MIME exfiltration out of Mail.app, though the CVE they cite doesn't match
what I remember Efail's being [1] so I'd be curious if it has any effect on
that one, even if the existing S/MIME has fundamental flaws that can't really
be patched. This also prompted me to go take a look on the GPG side of things,
there is no native support of course so most people are probably using GPGMail
if they aren't using an alternative mail application. They still haven't
released GPG Suite 2018.2 however, so the only mitigation remains no loading
of remote content.

This article also covers security patches for 10.11/10.12 and there are some
important ones there. Noteworthy is some more Spectre fallout with Apple
getting out patches for both 10.11 and 10.12 covering CVE-2018-8897. I think
most OS got that patched earlier in May (I know DragonFly BSD had that dealt
with on the 9th), but it's better then nothing that Apple is continuing its
informal couple of years of security patches for macOS. There are plenty of
people who've avoided High Sierra too so it matters even more.

\----

1) CVE-2017-17688 and CVE-2017-17689, discussed on HN:
[https://news.ycombinator.com/item?id=17064129](https://news.ycombinator.com/item?id=17064129)

