- Apple released latest security updates for iOS and macOS.
- Safari is updated to 11.1 version to prevent WebKit vulnerabilities.
- Another software fix is related to the APFS password bug.
Apple has brought us the newest security updates this week. These new updates are released for both iOS and macOS devices. On the iOS devices, the update was implemented into the new iOS 11 update which makes it 11.3.1 version. For Mac users, this patch is called "Security Update 2018-001".
As one part of this security update, Safari is upgraded to the version 11.1. The new patch focuses on the vulnerability regarding the WebKit web rendering code. There were two remote code execution (RCE) bugs which in theory, could be exploited by a hacker to silently implant malware on your device. Keep in mind that if you are using El Capitan or Sierra, you need to update Safari separately. Naked Security says that bugs were discovered by legitimate security researchers, so there weren't any actual attacks before the update.
The second part of the security update is something Apple referred to as "APFS password bug". The APFS stands for "Apple File System" which is developed specifically for flash memory storage devices. Once the user plugs in their USB drive, the macOS would write a system log file onto the drive which contained the password information. Considering how password keys should not be visible nor accessible to anyone so easily, it is obvious how this might be considered a major security threat. Fortunately, Apple fixed this with the mentioned "Security Update 2018-001".
To check if you have the latest update on your iOS device, go to the Settings / General / Software Update and check what version of the iOS you are using. If you are using a Mac, even after the security update you will stay on the latest version 10.13.4 of macOS.