About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
For more information about security, see the Apple Product Security page. You can encrypt communications with Apple using the Apple Product Security PGP Key.
MacOS Sierra (version 10.12) is the thirteenth major release of macOS (previously known as OS X and Mac OS X), Apple Inc.' S desktop and server operating system for Macintosh computers. The name 'macOS' stems from the intention to uniform the operating system's name with that of iOS, watchOS and tvOS. Sierra is named after the Sierra Nevada mountain range in California and Nevada. Available for: macOS High Sierra 10.13.5. Impact: A malicious application may be able to determine kernel memory layout. Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2018-4289: shrekwzw of Qihoo 360 Nirvan Team. Available for: macOS High Sierra 10.13.5.
Apple security documents reference vulnerabilities by CVE-ID when possible.
macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
Released July 9, 2018
Accounts
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to access local users AppleIDs
Description: A privacy issue in the handling of Open Directory records was addressed with improved indexing.
CVE-2018-4470: Jacob Greenfield of Commonwealth School
Entry added December 10, 2018
AMD
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to determine kernel memory layout
Description: An information disclosure issue was addressed by removing the vulnerable code.
CVE-2018-4289: shrek_wzw of Qihoo 360 Nirvan Team
APFS
Available for: macOS High Sierra 10.13.5
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2018-4268: Mac working with Trend Micro's Zero Day Initiative
ATS
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to gain root privileges
Description: A type confusion issue was addressed with improved memory handling.
CVE-2018-4285: Mohamed Ghannam (@_simo36)
Bluetooth
Available for: MacBook Pro (15-inch, 2018) and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports)
Other Mac models were addressed with macOS High Sierra 10.13.5.
Other Mac models were addressed with macOS High Sierra 10.13.5.
Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.
CVE-2018-5383: Lior Neumann and Eli Biham
Entry added July 23, 2018
CFNetwork
Available for: macOS High Sierra 10.13.5
Impact: Cookies may unexpectedly persist in Safari
Description: A cookie management issue was addressed with improved checks.
CVE-2018-4293: an anonymous researcher
CoreCrypto
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
Impact: A malicious application may be able to break out of its sandbox
Description: A memory corruption issue was addressed with improved input validation.
CVE-2018-4269: Abraham Masri (@cheesecakeufo)
CUPS
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5
Impact: An attacker in a privileged position may be able to perform a denial of service attack
Description: A null pointer dereference was addressed with improved validation.
![Macos apfs release date Macos apfs release date](https://www.iphonefirmware.com/wp-content/uploads/2020/06/Apple-adds-APFS-encrypted-drive-support-to-iOS-14-and-APFS-Time-Machine-backups-to-macOS-Big-Sur-iphonefirmware-com-900x284.png)
CVE-2018-4276: Jakub Jirasek of Secunia Research at Flexera
Entry added September 25, 2018
DesktopServices
Available for: macOS Sierra 10.12.6
Impact: A local user may be able to view sensitive user information
Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation.
CVE-2018-4178: Arjen Hendrikse
Intel Graphics Driver
Available for: macOS High Sierra 10.13.5
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2018-4456: Tyler Bohan of Cisco Talos
Entry updated January 22, 2019
![Macos apfs release date 2019 Macos apfs release date 2019](https://cdn.osxdaily.com/wp-content/uploads/2016/06/macos-sierra-screenshots-4.jpg)
IOGraphics
Available for: macOS High Sierra 10.13.5
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
CVE-2018-4283: @panicaII working with Trend Micro's Zero Day Initiative
Kernel
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5
Impact: Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel
Description: Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value.
An information disclosure issue was addressed with FP/SIMD register state sanitization.
CVE-2018-3665: Julian Stecklina of Amazon Germany, Thomas Prescher of Cyberus Technology GmbH (cyberus-technology.de), Zdenek Sojka of SYSGO AG (sysgo.com), and Colin Percival
Kernel
Available for: macOS High Sierra 10.13.5
Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com
CVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com
CVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com
CVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com
CVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com
Entry added October 30, 2018
libxpc
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2018-4280: Brandon Azad
libxpc
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2018-4248: Brandon Azad
LinkPresentation
Available for: macOS High Sierra 10.13.5
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com)
Perl
Available for: macOS High Sierra 10.13.5
Impact: Multiple buffer overflow issues existed in Perl
Description: Multiple issues in Perl were addressed with improved memory handling.
CVE-2018-6797: Brian Carpenter
CVE-2018-6913: GwanYeong Kim
Entry added October 30, 2018
Ruby
Available for: macOS High Sierra 10.13.5
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: Multiple issues in Ruby were addressed in this update.
CVE-2017-0898
CVE-2017-10784
CVE-2017-14033
CVE-2017-14064
CVE-2017-17405
CVE-2017-17742
CVE-2018-6914
CVE-2018-8777
CVE-2018-8778
CVE-2018-8779
CVE-2018-8780
Entry added October 30, 2018
WebKit
Available for: macOS High Sierra 10.13.5
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
CVE-2018-4274: Tomasz Bojarski
Entry added July 28, 2020
Additional recognition
App Store
We would like to acknowledge Jesse Endahl & Stevie Hryciw of Fleetsmith, and Max Bélanger of Dropbox for their assistance.
Entry added August 8, 2018
Help Viewer
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance with four mitigations.
Kernel
We would like to acknowledge juwei lin (@panicaII) of Trend Micro working with Trend Micro’s Zero Day Initiative for their assistance.
Security
We would like to acknowledge Brad Dahlsten of Iowa State University for their assistance.
After remaining in the 10th iteration of Mac OS from 2001 to 2020, Apple moved to macOS 11 with Big Sur. Over its lifetime, Apple has made considerable improvements to the performance, security, and functionality of the software, making it one of the most robust and user-friendly operating systems around.
● Operating System for Mac and MacBook
● Started as Mac OS in 1984
● Mac OS X shipped March 2001
● Unix-based OS
● Major releases originally named after big cats
● Now named after California locations
● Started as Mac OS in 1984
● Mac OS X shipped March 2001
● Unix-based OS
● Major releases originally named after big cats
● Now named after California locations
Apple's macOS is the operating system that runs on the company's Mac lineup. The software, which is free to update for all Mac and MacBook owners, handles system functions, applications, and hardware controls.
Apple designed macOS to run as optimally as possible on the company's hardware. It also connects to Apple's online services, including the Mac App Store, Apple Music, iCloud, and related services. It includes considerable security protections to keep users and their data safe from harm.
Based on Unix at its core, macOS is a flexible operating system. Power users will appreciate its configurable aspects, such as Terminal commands or server-based applications. However, it's also friendly towards more casual users, gaining many iOS features and visual design cues through the years.
macOS started as Mac OS, which launched in 1984. It underwent multiple major releases until the final version under the initial name, Mac OS 9, shipped to customers in 1999.
Apple changed its naming policy with the launch of Mac OS X, known colloquially as OS X, in March 2001. After that release, Apple kept the major version number at 10 for nearly two decades. Instead of changing the major version number, Apple used a following minor number to indicate annual upgrade releases, such as version 10.1, 10.2, and 10.3.
In 2016, Apple altered how it referred to the operating system. Still known as Mac OS or OS X prior to that, the company switched to macOS. This matched the naming pattern of its other operating systems, including iOS, tvOS, and watchOS.
Apple's 10.X naming scheme changed with macOS Big Sur's arrival in 2020. Apple finally retired the old naming scheme and called Big Sur version 11.
As well as the official name and version number, Apple has also altered the release title for each over time. From the release of Mac OS X 10.0 Cheetah until OS X 10.8 Mountain Lion, Apple referred to the operating system by the name of a big cat. Starting with OS X 10.9 Mavericks, Apple switched the naming convention to refer to California landmarks. The company has continued to do so since then.
macOS 11 Big Sur
Apple announced macOS Big Sur at WWDC 2020 and released the new OS in November 2020. The operating system was redesigned with new textured icons, colorful sidebars, and more transparent and curvy elements. The design changes make the Mac look much like iPadOS than ever before.
Big Sur also begins to move the Mac away from Intel chips to custom Apple Silicon, including the new M1 chip.
Apple offers several tools to help developers make the transition. All iOS and iPadOS apps can run on Apple Silicon natively, though developers can opt out of offering them in the Mac App Store. Developers can also easily upgrade their mobile apps to be more Mac-like with Mac Catalyst.
The first Apple Silicon-running Macs, including updated models of the 13-inch MacBook Pro, MacBook Air, and Mac mini, use Rosetta 2 for non-optimized apps. This virtualization software runs Intel apps on M1 Macs, at speeds similar to how they'd run on Intel Macs. Rosetta 2 helps both users and developers transition away from Intel.
Apple updated Safari in the new version with more privacy and security protections. Apple has made third-party extensions work with Safari even if they were built for Chrome. The ability to translate webpages is now a built-in function and works entirely on-device.
Messages is now a Mac Catalyst app that has feature parity with its iOS counterpart. Users can send message effects and Tapbacks, and tag users in a group chat just like in iOS 14 for iPhone.
macOS Catalina brought Catalyst and Sidecar to the OS
Released on October 7, 2019, macOS 10.15 Catalina introduced significant improvements to app handling.
A major change in Catalina was Apple's decision to end support for 32-bit apps, requiring developers to rework their apps into 64-bit versions to continue functioning properly. Not all developers elected to migrate their apps, forcing some users to choose between abandoning vintage apps or upgrading to Catalina.
Another chief change is the removal of iTunes, in favor of new apps that replace the majority of its functions. New apps for Apple Music, Apple Podcasts, and Apple TV spread iTunes' core functions across apps that correspond to iOS counterparts. Another iTunes feature, iOS device backup duties, is now found in the Finder.
10.15.1 introduced new emoji, support for the AirPods Pro, AMD Navi RDNA graphics cards in eGPU enclosures, alteration to the Photos app, and an option to opt in to Siri reviews.
10.15.2 made refinements to the Apple News, Stocks, Photos, Mail, and other apps, as well as fixes for issues in the Photos and Mail apps.
10.15.3 improved multi-stream video editing performance for HEVC and H.264-encoded video on the 16-inch MacBook Pro, along with Pro Display XDR optimizations.
10.15.4 added improved support for HDR-compatible monitors and added reference modes for the Pro Display XDR.
Out on September 24, 2018, macOS 10.14 Mojave's main new feature was dark mode, an alternate user interface. Users can switch between dark and light modes, and the theme can also change on a schedule via Dynamic Desktop.
Apple ported several iOS apps to macOS, including a News app, Stocks, Voice Memos, and Home for managing HomeKit. The initiative was part of 'Project Marzipan,' to enable iOS-developed apps to function in macOS with few changes. This initial quartet of apps demonstrated the concept to users and developers.
On the desktop, Stacks are an organization method for files in the workspace. Stacks piles up similar files into grouped collections automatically. Continuity Camera allows for photographs taken on an iPhone to be transferred instantly into a macOS application.
Day and night mode change your app appearance
10.14.1 consisted of new emoji, security enhancements and bug fixes, along with Group FaceTime.
10.14.2 provided security and bug fixes, a description matched by macOS 10.14.3.
10.14.4 added integration with the just-launched Apple News+ subscription service, in the Apple News app. Support for second-generation AirPods, Safari Autofill for MacBooks with Touch ID hardware, air quality index readings in Maps, and real-time text for phone calls made through a nearby iPhone were among the other changes.
10.14.5 was largely a maintenance update, though included fixes relating to AirPlay 2 support. 10.14.6 continued the security and bug fix theme.
The naming scheme took a half-step despite major underlying changes to the OS
Released on September 9, 2017, macOS 10.13 High Sierra included a major change for storage, with macOS switching over to the Apple File System, APFS. Intended to take advantage of the use of Flash and SSD storage, Apple built AFPS with encryption and enhanced security in mind. The company designed it to work with all Apple platforms, including watchOS, iOS, tvOS, and macOS.
The addition of Metal 2 included driver optimizations that brought up to 10 times better draw call throughput for graphics work, more debugging tools, and a migrated Mac Window Server.
Other notable items include the migration of H.264 to H.265/HEVC to better work with 4K and HDR content. It added faster and more power-efficient Safari. Apple's browser also added increased privacy protection, including Intelligent Tracking Prevention.
Snap camera chat. High Sierra was the last version to support 32-bit apps 'without compromises,' with Apple continuing its push to get developers over to making 64-bit apps.
10.13.1 added 70 new emoji, a fix to a Bluetooth bug involving Apple Pay, reliability improvements to Microsoft Exchange message encryption, a Spotlight input fix, and the patching of assorted KRACK wi-fi vulnerabilities.
10.13.2 was largely a maintenance release, improving compatibility for some USB audio devices, VoiceOver navigation while viewing PDFs, and a fix for a Root account generation flaw.
10.13.3 included relatively small updates, including an issue where Messages conversations were temporarily stored out of order.
10.13.4 incorporated a warning to users if they are running 32-bit apps and the launch of official eGPU support.
10.13.5 added support for Messages in iCloud, allowing conversations to be synchronized between multiple Apple devices.
10.13.6 delivered support for AirPlay 2, along with a variety of stability and security improvements.
The OS that Apple changed the name from Mac OS X to macOS
Available to end users on September 20, 2016, macOS 10.12 Sierra heralded the introduction of Siri on Mac, bringing Apple's digital assistant to the desktop. Sierra also added a cross-platform clipboard synchronization with iOS and iCloud file synchronization between iOS and macOS.
The update added Picture in Picture feature, familiar to iOS users. It also included rich Messages that moved closer to iOS messaging, changes to Photos, Apple Pay for the web, and auto-unlock via Apple Watch.
10.12.1 added iPhone 7 Photos compatibility fixes, Safari security enhancements, and fixes to Microsoft Office and Exchange issues, among other changes.
Macos Apfs Volume
10.12.2 improved the setup and reliability of Auto Unlock, Touch Bar screenshot support, and a wide variety of fixes and improvements.
10.12.3 improved automatic graphics switching on the 2016 MacBook Pro 15-inch, a fix for PDF corruption, and MacBook Pro battery drain issues in Safari.
10.12.4 added Night Shift, new PDFKit APIs, cricket scores to Siri, and more options for iCloud Analytics.
10.12.5 solved stuttering audio issues for USB headphones, a 'media-free' installation of the Windows 10 Creators Update using Boot Camp, and enhancements to the Mac App Store for compatibility with 'future software updates.'
10.12.6 largely consisted of a maintenance update.
El Capitan prioritized stability and security over flashy features
Apple's 2015 update focused less on marquee features and more on performance enhancements and subtle refinements. External backup disk. Apple released macOS 10.11 El Capitan on September 30, 2015.
The update added macOS support for Apple's Metal API. Metal is a low-level API that helps developers optimize their apps' 3D graphics. Today, it's still used across iOS, iPadOS, macOS, and tvOS.
It also introduced Apple's San Francisco system font, which it still uses today across its platforms. Apple gave Mission Control, the window and desktop quick-view app, a makeover with a cleaner design.
El Capitan brought new window-management options, including a green button that can move an app either into full-screen or Split View, a side-by-side multitasking feature also available on iPad.
The update enhanced Spotlight search, added Safari pinned sites and a mute button, and a modernized Notes app.
Apple gave its desktop software a new look with its 2014 update, OS X Yosemite. Version 10.10 redesigned various elements, including updated toolbars and translucent window elements.
Yosemite added the Today view in Notification center, which showed a customizable series of widgets. The Today view lived in a separate panel from notifications. Apple eventually killed the Today view in Big Sur, which integrated widgets into the same panel as grouped notifications.
The 2014 update also saw the launch of iCloud Drive, the file storage system built into Finder that serves as a rival to Dropbox and Google Drive. iCloud Drive didn't become ubiquitous across Apple's platforms until 2017, when the Files app launched on iOS and iPadOS.
Macos Apfs Release Date 2019
Handoff launched during this software generation, on Yosemite and iOS 7. The feature allows you to pick up immediately where you left off when changing devices. Handoff adds user convenience and ecosystem stickiness, as the perk can encourage users to go all-in on Apple hardware.
Macos Apfs Release Date
Safari in Yosemite added the Favorites view and Tab view, and search-engine support for DuckDuckGo. Mail first supported Markup for filling out forms and annotating PDFs in Yosemite, and Messages gained a new look.
Mavericks saw Apple switch from a big-cat to California landmarks naming scheme
Apple released OS X Mavericks on October 22, 2013. The updated added iCloud Keychain, Apple Maps, and iBooks, which is now called Apple Books.
Mavericks also updated Safari, enhanced multi-display support, and added tabs and tags to Finder.
The update also included performance-enhancing and battery-boosting updates under the hood.