To ensure the authenticity of its software updates, Apple digitally signs all updates and offers them exclusively through the Mac App Store or Apple Support Downloads site. Always get Apple software updates from one of these sources, and always check these sources to make sure that you have the latest software version.
Some software updates are automatically verified
If you use the Mac App Store (or Software Update in earlier versions of OS X) to download and install an Apple software update, Apple's digital signature is automatically verified before installation.
Manually downloaded software updates can be verified manually
If you manually download an Apple software update, you can confirm that the update is authentic and complete by verifying the digital signature before installation.
- Double-click the software update package (.pkg) file to open the installer.
- Click the lock
or certificate
icon in the upper-right corner of the installer window to see information about the certificate. If neither icon is present, the package is unsigned, and you shouldn't install it.
- Select "Apple Software Update Certificate Authority," as pictured below. If you see a different certificate authority, or the certificate doesn't have a green checkmark indicating that the certificate is valid, don't install the package.
- Click the triangle next to the word "Details" to see more information about the certificate.
- Scroll to the bottom of the Details section to see the SHA1 fingerprint.
- Make sure that the SHA1 fingerprint in the installer matches one of the following fingerprints from Apple's current or earlier certificate. If they match, the signature is verified: click OK and allow the installer to continue.
SHA1 FA 02 79 0F CE 9D 93 00 89 C8 C2 51 0B BC 50 B4 85 8E 6F BF
SHA1 9C 86 47 71 48 B3 D7 04 24 7A 3C 3F 56 EA 2D E5 94 4B 01 C2
The installer automatically verifies the files in the package. If any file has an issue, installation stops without changes to your system, and you'll see a message that the installer encountered an error.