MacOS – How to include recent security patch (APFS plain password vulnerability) into already downloaded macOS High Sierra installer image

high sierramacossoftware-update

Several hours ago Apple released a fix update for macOS that solves the issue with "Vulnerability Exposes Password of Encrypted APFS Volumes in Plain Text".

My question is:

Straight when High Sierra became available I pulled the Installer (last icon in the bottom right corner).

I assume that this files does NOT have recent patch included since it was downloaded before the fix was created / released. Now pretend that I will make a bootable USB flash drive and install this version of High Sierra in another MacBook. To get the fix I will pave to go to App Store and search for updates but what if (in theory) I won't have internet connection on that Mac?

Exact question:
How to always get installer with recent fixes? Should I remove that file from /Applications and re-download it each time new minor version (10.13.X) will be released?

On my main Mac I noticed that High Sierra is versioned as 10.13 but after installing the update the version stayed unchanged. It's not 10.13.1.

Best Answer

You can't merge an update into an older macOS installer app easily. So you have to re-download the full installer to get the most current version. Check that you don't get the restricted (20 MB) installer only app.

After downloading the first full installer (without installing it), move it to a folder and create a dmg choosing the folder (or alternatively zip the app).

Then install the upgrade or trash the macOS installer.app.

After Apple announces and publishes a new installer (not necessarily as a point release update), download it again. Repeat the steps above. If you don't need the old installer.dmg anymore, trash it. I usually keep them.

Under certain circumstances (often after moving the macOS installer.app to an arbitrary folder) downloading the new release will replace the old macOS installer in-place.

To check the build version grep the the file /Contents/Info.plist for DTSDKBuild:

grep DTSDKBuild -A1 .../Install\ macOS\ High\ Sierra.app/Contents/Info.plist

The golden master's build version was 17A362a.

The first installer's build version available to the public was 17A364.

The latest build version as of today is 17A400 (small installer) or 17A403 (large installer).

Related Solutions

MacOS – MS Remote Desktop – drives not mapping – broken by Sierra update 10.12.2

It's always got to be worth trying the new v8.2 version, currently in beta. I've been using it myself for quite some time & it's a lot better than the current release v8.0 in many respects.

MS Technet blog: Remote Desktop Client Preview for Mac supports multiple monitors and more

Download: https://rink.hockeyapp.net/apps/5e0c144289a51fca2d3bfa39ce7f2b06/

Highlights -

Multiple monitor support

The preview app now supports the ability to use multiple monitors in your remote session. You can enable multiple monitors for a desktop connection from the additional options.

Copy and Paste files

In addition to supporting copy/paste of text and images, the preview app now supports copy/paste of files so that you can transfer files into and out of the remote session using both Command X/C/V and CTRL X/C/V.

Updates to the keyboard

We’ve changed how the Beta app keyboard works to behave exactly like the Remote Desktop client store app. The Beta app initially used a new implementation of the keyboard; however, many of you reported that this new keyboard introduced several issues with typing into apps like the Hyper-v console and typing certain language characters. The Beta app will continue to support both Command X/C/V and Ctrl X/C/V to copy and paste between the local desktop and remote session. Use the Beta app Help->Report an issue option to share your feedback about the keyboard. Learn more about how the keyboard works in a remote session.

MacOS – How to abort a High Sierra installation

You should be able to safely abort the install. Quit the installer without reboot. Then open Terminal.app and remove the installer folder (SIP has to be disabled to remove everything - most files and folders are deleted though, even when SIP is enabled!):

sudo rm -Rf /macOS\ Install\ Data

Then enter

sudo systemsetup -setstartupdisk /System/Library/CoreServices

A quick scan revealed that the only file/bundle installed/replaced (except some receipts) is /System/Library/CoreServices/MRT.app

Its version number is 1.23. The original file's version in macOS Sierra is 1.22. MRT is (Apple's) Malware Removal Tool.

If SIP is enabled I recommend to execute the steps above. Then immediately boot to Recovery Mode and disable SIP. Then reboot opening the Start Up Prefs and choosing your main volume. Remove the remnants of the macOS Install Data folder (which should be possible now).

Reboot again to Recovery Mode and enable SIP again. Reboot to the main volume.

Apparently Sierra's MRT.app isn't available in any Sierra Combo updater. You would have to extract and re-install it using Pacifist and the latest macOS Sierra installer.

High Sierra's MRT.app may also work in Sierra; so it's unclear whether installing the original version is really required.

Best Answer

Related Solutions

MacOS – MS Remote Desktop – drives not mapping – broken by Sierra update 10.12.2

MacOS – How to abort a High Sierra installation

Related Question