To ensure the authenticity of its software updates, Apple digitally signs all updates and offers them exclusively through the App Store or Apple Support Downloads site. Always get Apple software updates from one of these sources, and always check these sources to make sure that you have the latest software version.
Some software updates are automatically verified
When you download and install an update from Apple, Apple's digital signature is automatically verified before installation.
Manually downloaded software updates can be verified manually
If you manually download an Apple software update, you can confirm that the update is authentic and complete by verifying the digital signature before installation.
- Double-click the software update package (.pkg) file to open the installer.
- Click the lock icon
or certificate icon 
in the upper-right corner of the installer window to see information about the certificate. If neither icon is present, the package is unsigned, and you shouldn't install it. - Select "Apple Software Update Certificate Authority," as pictured below. If you see a different certificate authority, or the certificate doesn't have a green checkmark indicating that the certificate is valid, don't install the package.
- Click the triangle next to the word "Details" to see more information about the certificate.
- Scroll to the bottom of the Details section to see the SHA-256 fingerprint.
- Make sure that the SHA-256 fingerprint in the installer matches one of the following fingerprints from Apple's current or earlier certificate. If they match, the signature is verified: click OK and allow the installer to continue.
SHA-256 12 99 E9 BF E7 76 A2 9F F4 52 F8 C4 F5 E5 5F 3B 4D FD 29 34 34 9D D1 85 0B 82 74 F3 5C 71 74 5C
The installer automatically verifies the files in the package. If any file has an issue, installation stops without changes to your system, and you'll see a message that the installer encountered an error.