Security Alert: Why You Need to Update macOS Now
Apple's incremental updates to macOS may not arrive with many new features, but yesterday's (Jan. 23) macOS 10.12.3 Sierra update is an important security-focused update worth downloading immediately.
Available for free now, the update battens down the hatches to save users from a variety of attacks that could hijack systems at the root level.
In the documentation for the update, the company lists 11 fixes for common vulnerabilities and exposures (CVEs), the formal name for security flaws. Of those, four are especially frightening, as they would give attackers the power to install software with the highest level of access.
These deep-level installations could take place at the kernel level of the system and give access to a Mac's storage, webcam and microphone. Attackers could then transmit that collected information back to their servers, and continue to do so without being noticed. One vulnerability even allowed code execution at the kernel level through Apple's implementation of Bluetooth.
However, there was something missing from yesterday's round of updates: security patches for OS X 10.11 El Capitan and OS X 10.10 Yosemite. This may indicate a new policy on Apple's part, and a possible end of support for the previous versions of the Mac operating system.
Until now, when Apple pushed out an update to the current Mac OS, it usually also pushed out security updates for the previous two versions. So El Capitan and Yosemite got patched in October and December 2016 along with updates to Sierra, and Yosemite and OS X 10.9 Mavericks were patched along with updates to El Capitan before that.
We've asked Apple whether any further security updates are planned for El Capitan and Yosemite, and will update this story when we receive a reply.
To install macOS 10.12.3, click the Apple icon in the top left corner of your screen, select App Store and click Updates.
macOS 10.12.3 includes a Safari update that brings the web browser to version 10.0.3. It includes fixes to 12 flaws, 11 of which patch vulnerabilities in the WebKit engine that allowed malicious content to be delivered onto, or executed on, systems. Safari 10.0.3 is also available as a stand-alone download for users still running OS X El Capitan or OS X Yosemite.
Even Microsoft is getting in on the Apple-device-patching action, with an update to its Remote Desktop service. Without the update, users tricked into clicking a malicious link could hand over read and write access to their home directories, and allow attackers to execute code on their systems. Open the Microsoft AutoUpdate app to download this update.
Researchers from Google's Project Zero team are credited with discovering 10 of the patched vulnerabilities. If you own an iPhone or iPad, make sure that device is updated to version 10.2.1 so that it gains the same patches against WebKit and kernel-level attacks.
If you use a 2016 MacBook Pro and experience battery life issues, this update may provide an added perk. Apple doesn't mention this in its release notes, but Consumer Reports noted that the beta versions of macOS 10.12.3 included the update that solved the unreliable battery life it had encountered.