macOS High Sierra release date, features & name: macOS reportedly already protected against Spectre and Meltdown chip vulnerabilities

apple

Apple's annual developer conference, WWDC, has been and gone. Alongside a new version of iOS and other assorted goodies, the company wowed attendees with the latest iteration of its desktop operating system, macOS High Sierra.

But what can we expect from the new software? We've run down the new features, as well as the release date and other info.

Latest news

12/04/2018: 32-bit iOS apps will stop working, says Apple

Apple is warning users that their 32-bit applications will stop working soon

As of midnight, last night, users of MacOS 10.13.4 will see an alert whenever they launch 32-bit software for the first time when running the current MacOS version.

The alert tells users that their 32-bit software will soon stop working. When a 32-bit app is started users will see this message: "This app needs to be updated by its developer to improve compatibility." There will also be a "learn more" link that takes them to an Apple support page with more information.

According to a support document by Apple, it began the transition to 64-bit hardware and software technology for Mac over a decade ago, and is working with developers to transition their apps to 64-bit. It added that at its last WWDC in 2017, developers were warned that macOS High Sierra "would be the last version of macOS to run 32-bit apps without compromise".

"Starting with macOS High Sierra 10.13.4, apps that have not been updated to use 64-bit processes produce a one-time alert when opened. This gives users advance notice that they are running 32-bit software, which will not be compatible with macOS in the future," said the support document.

While users can still use 32-bit software today with "no adverse effects", there may be problems in the future. It added that "final transition dates have not yet been established", but now would be a good time to see if there are64-bit versions of applications for users.

Apple said that users can check for 64-bit compatibility through the system report feature.

"From the Apple menu, choose About This Mac, then click the System Report button. From the system report, scroll down to Software, then select Applications. When you select an individual application, you will see a field titled "64-bit (Intel)". "Yes" indicates 64-bit; "No" indicates 32-bit," said the document.

Apple has already completed its 64-bit transition in iOS, with similar messages displayed to iPhone and iPad users before iOS 11 was launched.

04/01/2018: Despite the recent news that a serious design flaw reportedly present in all Intel's CPUs made in the last 10 years could leave devices running such chips vulnerable to hackers, Apple has reportedly already ironed out the issue in the latest release of macOS. According to software developer Alex Ionescu, Apple introduced a fix for the CPU flaw in the release of macOS 10.13., and there are additional tweaks set to be introduced in macOS 10.13.3, which he said is currently in beta testing.

See more

Additionally, AppleInsider has claimed that "multiple sources within Apple" said updates made in macOS 10.13.2 have mitigated most security concerns associated with the CPU vulnerability, giving good reason to believe any potential bugs, namely Spectre and Meltdown, are not a threat to Mac operating systems.

Nevertheless, the chip design flaw shouldn't be taken lightly. The vulnerability allegedly affects all systems running Intel x86 chips and is present across all popular operating systems, including Windows, Linux, and macOS, but is currently under embargo, meaning the full details of the bug are yet to be officially announced.

If left unpatched, the bug allows normal user programs, such as database applications and JavaScript in web browsers, to distinguish some of the layout or contents of protected kernel memory areas of the chips. This could present a particular problem for owners of older hardware that doesn't support macOS High Sierra.

The major problem for users who can install the patch, however, is it will cause declines in performance for the affected machines by as much as 30%.

07/12/2017: Apple has released a new update to its High Sierra operating system that offers a permanent fix to the widely reported root password bug and several other improvements to security and enterprise features.

MacOS 10.13.2 should put an end to the problems that have plagued Apple over the past few weeks. The discovery of a critical password exploit in November led to a botched update that not only failed to provide a permanent fix to the issue but also broke file-sharing for many users.

Alongside a fix to the password bug, where users who typed 'root' into a user login prompt without a password gained access to the device, the update also adds a number of improvements to the mail app, including the removal of a number of S/MIME encryption bugs, and some fixes to the Intel graphics driver, which was causing unexpected crashes for some users.

There are also a handful of improvements to enterprise features, including bug fixes to the Mac App Store when using proxy connections, and improved compatibility with SMB home directories.

Performance has also been improved when using credentials stored in the Mac keychain, there's now better compatibility with third-party USB audio devices, and VoiceOver navigation has been improved when viewing PDF documents.

As with any update, it's worth backing up your data before you install it. Version 10.13.2 is available through the "Updates" section of the App Store app.

04/12/2017: Apple's password bug returns on High Sierra update

Apple's patch to address a serious password bug on macOS High Sierra may not have fixed the original problem, with the flaw reappearing for some users.

The tech giant intended to plug a hole in High Sierra version 10.13 that would allow anyone with physical access, or remote access through a software client, to bypass security screens and grant themselves admin privileges, simply by typinig in "root" as their username and leaving the password field blank.

Apple issued the patch almost immediately last week, but once updated, users began to notice they could no longer authorise their connections to their file-sharing client, which is used by both personal and business users.

Unfortunately, it now appears that the order in which users apply the patches may cause the original password exploit to return, according to Wired. Users who had not yet upgraded their systems to the latest High Sierra 10.13.1 build, but had downloaded and applied Apple's security patch, told Wired that the "root" bug resurfaces when they install the newest OS system.

Even if some users reinstall the security patch after upgrading, there are many other users who will be unaware of the issue and are left open to the vulnerability, Thomas Reed, a researcher at Malwarebytes, told the publication.

"I installed the update again from the App Store, and verified that I could still trigger the bug. That is bad, bad bad," said Reed. "Anyone who hasn't yet updated to 10.13.1, they're now in the pipeline headed straight for this issue."

It's not exactly clear how many users have been affected by this particular bug, as there's no data on how many people installed the patch prior to upgrading to the latest version of High Sierra.

Aside from being forced to apologise to users over the password bug, Apple has also faced criticism after malicious code was discovered hiding on the High Sierra OS shortly after its launch, thought to be capable of stealing the contents of a user's keychain without a password.

30/11/2017: Apple's hasty High Sierra password patch breaks file sharing

In a frantic effort to fix a newly discovered password bug in MacOS High Sierra, Apple managed to break another feature that allowed users to share files across a network.

An update was hurried out yesterday to address a major security flaw affecting its root password that allowed anyone to gain admin-level access without having to input a code. This meant that not only could someone look at your files if they had your machine, but potentially anyone with remote access could do the same.

However, once the patch was installed, users began reporting that they were unable to access file sharing or authenticate their machines, affecting both business and personal users.

Apple has acknowledged the problem and is presumably working on a patch to fix the bug it created with the first. Let's hope there's not a third.

In the meantime, Apple has put together a guide on how users can get around the problem, however, it requires the use of command line prompts.

1. Open the Terminal app, which is in the Utilities folder of your Applications folder.2. Type sudo /usr/libexec/configureLocalKDC and press Return.3. Enter your administrator password and press Return.4. Quit the Terminal app.

See more
See more

29/11/2017: Apple users, beware: a developer has spotted a serious flaw in MacOS High Sierra.

Anyone can unlock admin-level access without a password, simply by typing "root" in the username, and tapping "enter" multiple times, leaving the password field empty. The flaw applies to the most recent version of MacOS, High Sierra 10.13.1.

That means anyone can access your computer if they have access to the machine, and, in theory, it could also be exploited by anyone with remote access to your machine.

Apple said: "We are working on a software update to address this issue." In the meantime, the company suggested setting a root password to prevent unauthorised access, with instructions on how to do so here.

The flaw was first spotted by developer Lemi Orhan Ergin, who reported it over Twitter.

There, he's been criticised for not following so-called responsible disclosure rules by alerting Apple first, but defended by others, who pointed out that he was only warning users of Apple's flaw. Plus, to use Apple's Bug Reporter system, you need to be a developer with an Apple ID.

06/10/2017: Just weeks after its release, a developer discovered a major vulnerability in Apple's latest OS.

Matheus Mariano, a Brazilian software developer, discovered a serious vulnerability in macOS High Sierra, specifically with its new file system, Apple File System (APFS), which was designed to have better encryption and efficiency.

The bug plainly reveals the passwords of encrypted APFS volumes when you click "show password hint" while in Disk Utility. On his blog explaining how he found the bug, Mariano wrote: "I really don't know how this went unnoticed by Apple (and anyone else)."

According to Felix Schwar as reported by The Inquirer, the bug is expected to only affect Macs with SSD storage. Those who did not create a password hint or do not use Disk Utility should not be affected either.

Apple quickly released a new update to rectify the issue as well, so those already with the macOS High Sierra 10.13 will be protected from the bug. Along with the new update, Apple released a support document which outlines how to protect data if the password rather than the password hint is being shown on an encrypted APFS volume.

Apple's support document also that states the new update fixes another vulnerability that could allow hackers to access usernames and passwords within Keychain as well as makes other improvements.

26/09/2017: A US security researcher reportedly discovered a zero-day vulnerability in Apple's new macOS High Sierra operating system mere hours before it was scheduled to release.

The vulnerability, which was unearthed by Patrick Wardle, chief security researcher at Synack, was shown to affect a Mac's Keychain, allowing a user to extract passwords without a master login.

The former NSA hacker posted a video on Monday demonstrating the flaw working on High Sierra, but it is thought that older versions of both macOS and OS X are also affected.

Using a custom made "keychainStealer" application, Wardle was able to demonstrate an exploit that allows hackers to peer into a Keychain of saved passwords, exposing everything from social media accounts to saved credit card numbers.

Wardle claims that the exploit could be embedded into legitimate-looking apps to pull passwords from unsuspecting users. Speaking to ZDNet, he said: "If I was an attacker or designing a macOS implant, this would be the 'dump keychain' plugin."

"Apple marketing has done a great job convincing people that macOS is secure," added Wardle, "and I think that this is rather irresponsible and leads to issues where Mac users are overconfident and thus more vulnerable."

Wardle reported the bug to Apple earlier this month, but it appears a fix has yet to make its way into a High Sierra patch.

"MacOS is designed to be secure by default, and Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval," said Apple in a statement to CNET.

"We encourage users to download software only from trusted sources like the Mac App Store, and to pay careful attention to security dialogs that macOS presents."

Despite Apple's advice, Wardle claims that signed apps can also be used to exploit the bug, meaning the code could be hidden inside legitimate apps downloaded from the store.

Unfortunately for Wardle, Apple's bug bounty programme, which can award up to $200,000, doesn't cover macOS exploits.

25/09/2017: The new macOS High Sierra is set to be released today, following Apple's preview of its operating system update at WWDC in June.

Mac users can enjoy a host of new behind-the-scenes tweaks and upgrades including a new Apple File System, which is available to every Mac with all-flash internal storage. It has an advanced architecture, is more responsive and Apple claims it is more safe and secure.

Through High Sierra, developers can now also create virtual reality experiences on the Mac for the first time, as long as they have the new iMac with Retina 5K display, the new iMac Pro coming in late 2017, or any supported Mac with an external GPU. There's optimised support for SteamVR and the HTC Vive, too.

It's also easy to share any file in iCloud Drive with a simple link. When you send the link, the recipient simply needs to click on it to begin working, much like other cloud services such as Google Drive.

Video editors will be pleased to see the update brings in HEVC (High Efficiency Video Coding), which can compress videos up to 40% better than H.264. Videos will stream better and take up less space while preserving the same video quality.

There's new features in the Photos app, a new web browsing experience in Safari and even a faster way to browse Mail. Safari also keeps unexpected and unwanted autoplay videos from playing, although you can authorise certain sites to autoplay these kind of videos too.

Finally, Siri is more expressive, with a more natural voice, and she also can learn your music preferences by seeing what you listen to on Apple Music.

Apple announced the new update in June at WWDC and announced the date of the release during its Apple event in Cupertino two weeks ago. It did not mention the release date during its livestream, but instead quietly updated its website to show it there.

At the event, Apple announced the launch of the iPhone 8, iPhone 8 Plus and the iPhone X. The iPhone 8 was available from last Friday, although it met a somewhat muted reception around the world. The short queues for the device have been put down to the iPhone 8's biggest sibling launching in November, the iPhone X, with more customers choosing to wait longer to spend more money on the 999 flagship phone.

Features

Virtual Reality

macOS High Sierra is more of a behind-the-scenes refresh rather than a brand new OS, but there are still some standout new features in the update. The biggest of these is a heavier focus on VR, with heaps of new support for SteamVR, which is currently being optimised by Valve to run on Macs. Unity and Epic are also doing the same with their own VR engines, and HTC has also said its Vive headset will be compatible with High Sierra.

Metal 2

Apple also revealed its updated developer platform known as Metal 2. This promises to make it easier to tap into the GPU power of the Mac range, featuring a new API that adds support for machine learning, speech recognition and natural language processing for the development of apps.

Apple File System (APFS)

The Apple File System will also be a feature on the new OS, a highly sought after addition that will modernise file storage on Macs. It will drastically improve performance on file transfers and backups, as well as provide a one-stop place for accessing locally stored content and data held in third party apps such as Box and Dropbox.

Safari

Safari also sees a significant performance boost under High Sierra, delivering up to 80% faster speeds over major rival Google Chrome, according to Apple's own statistics. It will also include a new Auto Blocking feature that blocks auto-play videos on websites, as well as a Split View mode for the Mail app.

Photos

The Photos app now has a new Edit view that allows users to fine-tune the colours and contrast of an image, and will also, for the first time, grant direct access to third-party publishing services from within the app. So far Animoto, Shutterfly and Wix are confirmed Apple partners, with more likely to be added nearer full release.

Name

Ever since 2013, Apple has named its macOS releases after locations and landmarks in its home state of California. We've already had Sierra, El Capitan, Yosemite and Mavericks.

As this latest release focuses on behind-the-scenes tweaks, rather than brand new user facing features, Apple has decided to name it 'macOS High Sierra' (essentially macOS Sierra 2.0).

Release date

High Sierra will officially be available on 25 September.

Apple first unveiled High Sierra at its WWDC 2017 event in San Jose on 5 June, which also signaled the release of the developer preview build.

A public beta of the OS is planned for the end of June, although no specific date has been announced. Following a short beta period, it will soon be available.

ITPro

ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.

For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.