HT208535 macOS High Sierra 10.13.3 Supplemental Update

Recently my Mac informed me about a new security update for macOS High Sierra. As always, I read the notes for this security update, and I was totally shocked by the issue described and by how it was fixed.

Let me share with you the content of this security update.

macOS High Sierra 10.13.3 Supplemental Update

Released February 19, 2018

CoreText

Available for: macOS High Sierra 10.13.3

Impact: Processing a maliciously crafted string may lead to heap corruption

Description: A memory corruption issue was addressed through improved input validation.

CVE-2018-4124: an anonymous researcher

You can visit this link to see the full notice: https://support.apple.com/en-us/HT208535

Have you read the security patch description? These are the important parts:

  1. Impact: Processing a maliciously crafted string may lead to heap corruption

  2. Description: A memory corruption issue was addressed through improved input validation.

What shocked me was this:

issue was addressed through improved input validation.

Improved input validation

If you have ever built anything for end users, such as a web form that submits some information, or any screen in an app that takes values from the user, processes them and returns a response, you know that all of it needs strong input validation, not only on the client side (in the end user's browser) but on the backend as well, because anyone who controls the client can skip the client-side checks entirely. And that is just for an application or a web form.

I was amazed that a memory corruption issue, one that could corrupt the heap, was as simple to fix as improving the input validation.

I think that is the first thing you learn when you build something for end users. Anyone who programs for users knows they will spend a lot of time doing the same thing over and over: input validation on both sides (client side and backend). It is a tedious task, but a necessary one. Even with those two barriers in place, some users will get past them and inject a value into your process that gives you headaches, so the code that finally consumes the data must never assume it has already been checked. In native code such as a text-rendering library the principle is the same, but the "input" is more than characters: a string carries lengths, encodings and offsets, and trusting any of those to size or index a heap buffer is exactly what turns "a maliciously crafted string" into heap corruption.
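Here is an added example in C, not code from the original post and not CoreText's actual code or the actual CVE-2018-4124 bug (Apple's note gives no detail beyond what is quoted above), showing how trusting a length field inside a string corrupts the heap, and what "improved input validation" looks like in the decoder. The run-encoded string format, the function names decode_runs_unchecked and decode_runs_checked, and the sample inputs are all constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Hypothetical run-encoded string format, invented for this example
 * (not CoreText's real layout):
 *   byte 0        : declared total text length (used to size the heap buffer)
 *   then repeated : [run_len][run_len bytes of text]
 * A decoder that trusts these length fields can be driven into heap
 * corruption by a string whose run lengths do not match the declared total. */

/* Vulnerable decoder: trusts every length field in the input. */
char *decode_runs_unchecked(const uint8_t *in, size_t in_len)
{
    if (in == NULL || in_len < 1) return NULL;
    size_t declared = in[0];
    char *out = malloc(declared + 1);        /* heap buffer sized from attacker data */
    if (!out) return NULL;
    size_t pos = 1, used = 0;
    while (pos < in_len) {
        size_t run_len = in[pos++];
        memcpy(out + used, in + pos, run_len); /* BUG: no check against the buffer
                                                  size or the remaining input */
        used += run_len;
        pos  += run_len;
    }
    out[used] = '\0';                        /* BUG: may write past the allocation */
    return out;
}

/* Hardened decoder: each length is validated against the input actually
 * present and against the output capacity before anything is copied. */
char *decode_runs_checked(const uint8_t *in, size_t in_len)
{
    if (in == NULL || in_len < 1) return NULL;
    size_t declared = in[0];
    char *out = malloc(declared + 1);
    if (!out) return NULL;
    size_t pos = 1, used = 0;
    while (pos < in_len) {
        size_t run_len = in[pos++];
        if (run_len > in_len - pos) goto reject;    /* claims more input than exists: over-read */
        if (run_len > declared - used) goto reject; /* would overflow the heap buffer */
        memcpy(out + used, in + pos, run_len);
        used += run_len;
        pos  += run_len;
    }
    if (used != declared) goto reject;              /* declared total must match supplied text */
    out[used] = '\0';
    return out;
reject:
    free(out);
    return NULL;
}

/* Constructed sample inputs (not real CoreText data). */
static const uint8_t SAMPLE_OK[]       = {5, 2, 'H', 'e', 3, 'l', 'l', 'o'}; /* declared 5, runs 2+3 */
static const uint8_t SAMPLE_OVERFLOW[] = {2, 5, 'H', 'e', 'l', 'l', 'o'};    /* declared 2, one run of 5 */
static const uint8_t SAMPLE_OVERREAD[] = {5, 9, 'H', 'e'};                   /* run claims 9 bytes, 2 present */

/* Returns 1 if the hardened decoder accepts the well-formed sample and yields "Hello". */
int checked_accepts_valid(void)
{
    char *s = decode_runs_checked(SAMPLE_OK, sizeof SAMPLE_OK);
    int ok = (s != NULL && strcmp(s, "Hello") == 0);
    free(s);
    return ok;
}

/* Returns 1 if the hardened decoder rejects both crafted samples. */
int checked_rejects_crafted(void)
{
    return decode_runs_checked(SAMPLE_OVERFLOW, sizeof SAMPLE_OVERFLOW) == NULL
        && decode_runs_checked(SAMPLE_OVERREAD, sizeof SAMPLE_OVERREAD) == NULL;
}

int main(void)
{
    char *s = decode_runs_unchecked(SAMPLE_OK, sizeof SAMPLE_OK);
    printf("unchecked decoder, well-formed input: %s\n", s ? s : "(null)");
    free(s);
    /* decode_runs_unchecked(SAMPLE_OVERFLOW, ...) would write 6 bytes into a
     * 3-byte allocation; build with -fsanitize=address to see the report. */
    printf("checked decoder accepts valid input : %d\n", checked_accepts_valid());
    printf("checked decoder rejects crafted input: %d\n", checked_rejects_crafted());
    return 0;
}
```

The two decoders differ only in the checks in front of memcpy, which is what makes a fix like "improved input validation" look trivial once you know where the missing check is. Finding it is the hard part: the unchecked decoder works perfectly on every well-formed string, and only a deliberately inconsistent one (a run longer than the declared total, or longer than the bytes that follow it) reaches the heap write. Building with -fsanitize=address and feeding SAMPLE_OVERFLOW to decode_runs_unchecked shows the heap-buffer-overflow; the checked decoder returns NULL for the same input.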

What impressed me most is that this happens at every level of computing, from hardware to software and every layer in between. Something to keep in mind for your next line of code: make sure everything that comes from outside is correctly validated.

Let's do it better, let's improve our input validation.

Happy coding!