About the security content of macOS High Sierra 10.13.3

64 points by dhbanes, over 7 years ago

8 comments

anonova, over 7 years ago
Funnily, if you look at the description in the app store, it makes it look like a completely skippable update, especially if you don't use Messages.

> This update:
>
> * Addresses an issue that could cause Messages conversations to temporarily be listed out of order
0x0, over 7 years ago
There may yet be more security fixes included than the article currently lists. It seems that for the last few releases, Apple has been quietly adding and updating CVEs to the release notes days and weeks after the initial publication, not least of which was the meltdown mitigations in 10.13.2 (that update was pushed almost a month before the meltdown embargo was lifted, and the fact that patches were already included was kept secret).

For a scary-looking example of what macOS 10.13.3 / iOS 11.2.5 may secretly contain fixes for, take a look at https://twitter.com/ranixch/status/955921380855418882
Iknowsecurity, over 7 years ago
Regarding IOHIDFamily: An application may be able to execute arbitrary code with kernel privilege

I found this: https://siguza.github.io/IOHIDeous/ that was published Dec 31.

It took Apple 23 days since it was public before they released a fix.

> The exploit accompanying this write-up consists of three parts:

> poc (make poc) Targets all macOS versions, crashes the kernel to prove the existence of a memory corruption.

> leak (make leak) Targets High Sierra, just to prove that no separate KASLR leak is needed.

> hid (make hid) Targets Sierra and High Sierra (up to 10.13.1, see README), achieves full kernel r/w and disables SIP to prove that the vulnerability can be exploited by any unprivileged user on all recent versions of macOS [!!!!!!!!!]
cmurf, over 7 years ago
This is the weirdest update I've ever applied.

Download > Click install > 30 seconds later it reboots > Apple logo gray screen I see "installing software updates" and a status bar that gets 25% of the way done and then the screen goes black, fans go high, then a reboot > screen is still black, fans go high, 3 minutes another reboot > screen is still black, fans go high for 30 seconds and now nothing for the past 10 minutes.

Power light is on, caps lock key does light up, the keyboard lighting comes on if I touch keys and I can increase or decrease that lighting with the proper key, but no backlight. WTH?

OMFG, now 15 minutes after starting, more fan noise for about 30 seconds...

So it's still doing something, but with a black screen.

No change 35 minutes after starting the update...
kylec, over 7 years ago
I find this title unhelpful. Is there something specific I should be aware of in this update?
chachra, over 7 years ago
2.17 GB!
yeasayer, over 7 years ago
Is this the second or third time they're fixing Meltdown?
Iknowsecurity, over 7 years ago
If you look at the Mac security updates lately, you can see avalanches of "execute arbitrary code" fixes for every release. It seems that Mac OS X has more holes than a factory of Swiss cheese.

EDIT: Why was this downvoted?

If you down vote at least you can comment why. These are the security updates since Oct:

https://support.apple.com/en-us/HT201222

https://support.apple.com/en-us/HT208331

https://support.apple.com/en-us/HT208165

https://support.apple.com/en-us/HT208315