How to verify the authenticity of manually downloaded Apple software updates

If you manually download an update package for Mac, you can verify the signature to confirm that the package is authentic and complete.

To ensure the authenticity of its software updates, Apple digitally signs all updates and offers them exclusively through the Mac App Store or Apple Support Downloads site. Always get Apple software updates from one of these sources, and always check these sources to make sure that you have the latest software version.

Some software updates are automatically verified

If you use the Mac App Store (or Software Update in earlier versions of OS X) to download and install an Apple software update, Apple's digital signature is automatically verified before installation.

Manually downloaded software updates can be verified manually

If you manually download an Apple software update, you can confirm that the update is authentic and complete by verifying the digital signature before installation.

  1. Double-click the software update package (.pkg) file to open the installer.
  2. Click the lock  or certificate   icon in the upper-right corner of the installer window to see information about the certificate. If neither icon is present, the package is unsigned, and you shouldn't install it.
  3. Select "Apple Software Update Certificate Authority," as pictured below. If you see a different certificate authority, or the certificate doesn't have a green checkmark indicating that the certificate is valid, don't install the package.
  4. Click the triangle next to the word "Details" to see more information about the certificate.
  5. Scroll to the bottom of the Details section to see the SHA1 fingerprint. 

  6. Make sure that the SHA1 fingerprint in the installer matches one of the following fingerprints from Apple's current or earlier certificate. If they match, the signature is verified: click OK and allow the installer to continue. 

    SHA1 FA 02 79 0F CE 9D 93 00 89 C8 C2 51 0B BC 50 B4 85 8E 6F BF
    SHA1 9C 86 47 71 48 B3 D7 04 24 7A 3C 3F 56 EA 2D E5 94 4B 01 C2

The installer automatically verifies the files in the package. If any file has an issue, installation stops without changes to your system, and you'll see a message that the installer encountered an error.

Published Date: