CVE-2018-4187: Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_) The update, which Apple labels as Security Update 2018-001, is predictably recommended for all Mac users in order to help improve the security of macOS.

• Mac Os Update 2018
• Security Update For Mac 2018-01
• Security Update For Mac 2018 Collections

Most Apple users install updates, but there's always a small group of people who, for various reasons, lag behind when it comes to installing updates, for one reason or another, legitimate, or not.

Today, Apple officially released a security update for macOS High Sierra 10.13.4. For Mac owners, the new security update is available as a download from the Mac App Store. Simply open the digital storefront and head over to the Updates tab. Hi, Just tried to update my Mac Pro late 2013 with the newly released Apple security update 2018-002 10.13.6, both via the Mac App Store and by downloading it directly from Apple. Carbon Black has now made generally available releases to Cb Protection and Cb Response to support the latest OS versions and security update (Security Update 2018-001) from Apple for the following Mac sensor/agent releases. The Security Update 2018-002 packages for El Capitan and Sierra are exclusively for security patches and are also recommended to install for any Mac user running those versions of system software. A new version of Safari 11.1 is also available for the earlier MacOS releases. Name and information link. Available for. Release date. MacOS Mojave 10.14.1 Supplemental Update for MacBook Air (2018) This update has no published CVE entries.

If you're one of the users in the latter category, then you should be aware that the letter 'd' is not always the letter 'd' when displayed inside the Safari address bar.

This might sound like a non-issue, but it's actually a very important problem that all Apple users who don't run the latest OS software need to be aware of, as they could fall victims to what security researchers call 'IDN homograph attacks.'

ZDNet: Black Friday 2018 deals: Business Bargain Hunter's top picks | Cyber Monday 2018 deals: Business Bargain Hunter's top picks

IDN homograph attacks happen when someone registers a domain using Unicode characters that look like standard Latin letters, but they are not. For example, coinḃase.com is an IDM homograph attack for coinbase.com (notice the dot above the letter b).

These lookalike domains are usually used for phishing, tricking users into thinking they accessed a legitimate site when they're on a cleverly crafted clone.

IDN homograph attacks have been an issue over the past year, and several incidents have been reported in the security news media about homograph attacks against cryptocurrency exchanges in 2017 and 2018 [1, 2, 3].

Driven by this new wave of homograph attacks, xisigr, a security researcher at Tencent Security Xuanwu Lab, has recently taken a look at how Apple products handle Unicode characters.

What the researcher found is that Apple does a good job with most Unicode characters, except one --which is the letter dum (ꝱ) (U+A771), part of the extended Latin alphabet character set.

The letter looks like a normal Latin lowercase letter 'd', except it comes with a lower apostrophe. But xisigr found that Safari did not render the small lower apostrophe, displaying the letter dum as a Latin letter d.

The Tencent researcher reported his findings to Apple, who issued security updates in July for Safari, iOS, macOS, tvOS, and watchOS.

Unfortunately, users who have not applied those updates are still vulnerable to phishing attacks. An attacker can record domain names that include the letter dum and he can launch phishing campaigns against Apple users.

Xisigr says the issue should not be ignored because he found that the letter d is part of almost 25 percent of all Top 10,000 domains, providing attackers with a huge phishing surface.

Some of the domains that a phisher could impersonate include LinkedIn, Baidu, Dropbox, Adobe, WordPress, Reddit, or GoDaddy, just to name a few.

Furthermore, even if some domain registrars prevent users from registering domain names that contain Unicode characters, this limitation doesn't apply to the letter dum because it's part of the extended Latin character alphabet, and hence, is considered a standard Latin character.

If Apple users can't update, for the time being, they should at least take notice that the letter 'd' in Safari's URL bar may not actually be 'd' and they should use another browser to navigate the web until they can apply Apple's July security patches.

Related coverage:

• Apple's Safari tests 'not secure' warning for unencrypted websites CNET
  
• How to use Safari's suggested passwords feature TechRepublic
  

Best Black Friday 2018 deals:

Macs may be a far less tempting target for malware and viruses, but they’re not immune from attack. Even if you don’t care about adware or being used as a means to infect users on other platforms, it’s still possible to fall victim to ransomware, password theft, or stolen iPhone backups.

Accordingly, good antivirus software will protect your Mac on all of these fronts. It’ll catch malware that’s still spreading or in circulation; block ransomware; protect older systems with out-of-date software from security vulnerabilities; prevent your Mac from acting as a carrier for malware aimed at other operating systems; and keep infected files off of any virtual machines you’re running.

Antivirus for Mac cheat sheet

Our quick-hit recommendations:

• Best paid antivirus for Mac:Sophos Home Premium for Mac[sophos.com]
• Best free antivirus for Mac:Avast Free Mac Security[avast.com]

Many antivirus suites provide a decent level of protection, but a few rise above all others by providing the very best in performance. Our top contenders dominate by posting perfect (or virtually near perfect) scores from security research labs, passing our own malware detection tests with flying colors, offering well-designed interfaces, and even throwing in extra features like a firewall or password manager.

Mac Os Update 2018

Updated 08/15/19: Added our review of Avira Free Antivirus, a worthy free option that’s easy to use and effective.

Looking for Windows antivirus recommendations? You can read about the best antivirus suites for PC on our sister site, PCWorld.

Best overall antivirus software

Sophos Home Premium has the most extensive and up-to-date approach to fighting malware at an unbeatable price.

Sophos Home Premium has it all: Effective malware protection, ransomware monitoring, protection against potentially-unwanted-apps, and additional features that often require separately licensed software. Its cloud-based configuration and generous licensing (up to 10 Macs and PCs) also make it easy to shield friends and family from threats, no matter where they live. (Full details available in our review.)

Best free antivirus software

Though Sophos does offer a good free version of its software, Avast Free Mac Security edges it out as the best free antivirus software for macOS. In security lab tests, Avast detected 99.9 percent of macOS malware, and 100 percent of Windows malware. However, if you want more advanced protection (like ransomware detection), you’ll need to upgrade to paid software.

What to look for in antivirus software

Security Update For Mac 2018-01

By our reckoning, antivirus software should be able to neutralize a threat before it can begin wreaking havoc. That means preventing the download, installation, or execution of malicious software.

Since you can encounter threats by visiting compromised or malicious websites, receiving virus-laden attachments, or accessing USB drives with malware, good AV software should scan on a continuous basis unless you configure it otherwise. And ideally, files identified as malicious should be quarantined into a special storage area managed by the AV software, with the option to automatically delete files known to be malware or repair normal documents that also carry devious payloads.

Great AV suites also will monitor the filesystem for certain kinds of changes. Ransomware—which is malware that will rapidly encrypt user files like documents and mailboxes and then delete the originals—has become a huge moneymaker on other platforms. As a prime opportunity for attackers, it’s the greatest danger Mac users likely face as a category.

Detecting this pattern and halting it before any files are unavailable should be possible without an anti-malware system knowing the specific innards of a ransomware virus. Sophos, our top pick, includes this feature in the Home Premium version of its 2018 update. Other vendors, like Avast and Trend Micro Antivirus, offer an alternative feature that allows you to whitelist programs allowed to manipulate files in specific directories. So if this particular type of attack becomes rapidly popular, you’ll be protected.

Good antivirus software should also use minimal computational resources. That’s especially the case these days—AV monitoring hasn’t become much more complicated than when it first became available, and faster, multi-core CPUs can easily handle the demands of running AV software in the background without disturbing your active work.

Beyond these primary features, an easy-to-navigate interface and extra features are worth factoring into your decision. Some AV software are full-fledged suites that offer additional options like backup service for essential files, a password manager, parental controls, anti-tracking and privacy modes or options, a more advanced firewall, and the blocking of Potentially Unwanted Applications (PUAs).

How we test

Each software package is evaluated creating a clean installation of macOS Mojave, cloning it for each AV product, and then booting separately into each one to install a different package. This was to ensure that previous app installations didn’t interfere with new ones—sometimes AV software treats other AV software as an infection.

In addition to visiting malicious websites, downloading known malicious software, and even running said malware, we also reference the most recent reports from two labs that regularly cover macOS malware: AV Comparatives and AV-TEST. These laboratories test AV software against sets of known malware as well as products that are grouped as potentially unwanted applications (like adware).

The latter doesn’t damage or expose your computer or its files but may consume power and CPU cycles. Because the testing effectively looks at a combination of virus databases and behavior, they remain good gauges even after many months. When an antivirus software package lacks a rating from a known security research lab, we do more extensive testing with real malware.

Finally, while we gave props for a lot of different features and behaviors, we marked products down if they lacked any or all of the following:

• A nearly perfect score on macOS malware detection
• Ransomware monitoring
• Native browser plug-in or system-level Web proxy
• A high score on Windows malware detection

Privacy concerns

Using an anti-virus product, especially any that includes tools to also improve your online privacy, may lull you into believing you’re safe from personal and private information leaking out. That’s not quite the case. While there’s no reason to panic, you should consider a few reasonable issues.

First, an antivirus product may upload the complete text of files flagged to the cloud, where it can be analyzed by separate tools hosted there. This practice is normal and sensible: Some malware can detect when a running process may examine it, and will then engage in subterfuge. Antivirus software makers also can access their massive databases to examine files with characteristics that trigger their algorithms—certain elements that match known malware. As a result, security researchers discover new viruses, worms, Trojans horses, and the like.

However, helping the greater good means you’ll have to be comfortable with trusting a third-party with your file contents. Where appropriate, we noted privacy policy issues in individual reviews.

Second, this software may also rely partly or entirely on cloud-based checks of URLs, malware, and the like. Accordingly, an AV package might upload every URL you visit, metadata about files, signatures of files, information about your computer’s hardware, a list of running or installed applications, and more. Companies vary on their disclosure of such policies, and may not let you opt out of this kind of sharing. We note issues in each review as available.

Third, anti-virus software makers also get a sense of what behavior is happening on your computer that’s being monitored or blocked, and may use that information for their own purposes. In some cases, you can opt out of this information gathering.

All of our antivirus for Mac reviews

Security Update For Mac 2018 Collections

If you have specific requirements or just wish to see other options, below is a list of all the antivirus software we’ve reviewed. We’ll keep evaluating new and refreshed software on a regular basis, so be sure to come back to see what else we’ve put through the ringer.