Apple security updates

Over the course of the last four days, Apple has released updates to address security issues for several products, such as macOS High Sierra, Safari, watchOS, tvOS, and iOS.

The most relevant security update is the one to macOS, as it also permanently fixes the bug that allowed attackers to access macOS root accounts without having to type a password.

Apple issued a patch for the bug the next day after it was discovered, but because the patch was delivered as an out-of-band update that did not alter the macOS version number, when users from older macOS versions updated to 10.13.1 (the vulnerable version), the bug was still present.

With today's update, the patch for the bug —now known as "IAmRoot" (CVE-2017-13872)— has received a permanent fix. All users who upgrade to macOS High Sierra 10.13.2 are safe.

Below is a summary of all the other fixes, along with links to each product's changelog.

Name and information link

Available for

Number of vulnerabilities

Release date

macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.1 22 6 Dec 2017
Safari 11.0.2 (details available soon) OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13 TBD 6 Dec 2017
watchOS 4.2 All Apple Watch models 10 5 Dec 2017
tvOS 11.2 Apple TV 4K and Apple TV (4th generation) 10 4 Dec 2017
iOS 11.2 iPhone 5s and later, iPad Air and later, and iPod touch 6th generation 14 2 Dec 2017