How to verify the authenticity of manually downloaded Apple software updates

If you manually download an update package for Mac, you can verify the signature to confirm that the package is authentic and complete.

To ensure the authenticity of its software updates, Apple digitally signs all updates and offers them exclusively through the App Store or Apple Support Downloads site. Always get Apple software updates from one of these sources, and always check these sources to make sure that you have the latest software version.

Some software updates are automatically verified

When you download and install an update from Apple, Apple's digital signature is automatically verified before installation.

Manually downloaded software updates can be verified manually

If you manually download an Apple software update, you can confirm that the update is authentic and complete by verifying the digital signature before installation.

  1. Double-click the software update package (.pkg) file to open the installer.
  2. Click the lock icon or certificate icon in the upper-right corner of the installer window to see information about the certificate. If neither icon is present, the package is unsigned, and you shouldn't install it.
  3. Select "Apple Software Update Certificate Authority." If you see a different certificate authority, or the certificate doesn't have a green checkmark indicating that the certificate is valid, don't install the package.

  4. Click the triangle next to the word "Details" to see more information about the certificate.
  5. Scroll to the bottom of the Details section to see the SHA-256 fingerprint.

  6. Make sure that the SHA-256 fingerprint in the installer matches one of the following fingerprints from Apple's current or earlier certificate. If they match, the signature is verified: click OK and allow the installer to continue.

    SHA-256 12 99 E9 BF E7 76 A2 9F F4 52 F8 C4 F5 E5 5F 3B 4D FD 29 34 34 9D D1 85 0B 82 74 F3 5C 71 74 5C

The installer automatically verifies the files in the package. If any file has an issue, installation stops without changes to your system, and you'll see a message that the installer encountered an error.
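
The same fingerprint comparison can be done from Terminal. The script below is an added example, not Apple's tooling and not part of the original article: it reads the report printed by the macOS pkgutil --check-signature command and compares the fingerprint of the "Apple Software Update Certificate Authority" entry with the value listed above. The report layout it parses, the sample report, the file name verify.sh, and the names ca_fingerprint, verify_report and sample_report are assumptions made for this example.

```shell
# Fingerprint published in the article, spaces removed.
TRUSTED="1299E9BFE776A29FF452F8C4F5E55F3B4DFD2934349DD1850B8274F35C71745C"
CA_NAME="Apple Software Update Certificate Authority"

# Print the SHA-256 fingerprint (uppercase hex, no spaces) of the chain entry
# named $1 from a pkgutil --check-signature report on stdin. Assumed layout:
# "N. <name>", later "SHA256 Fingerprint:", then lines of hex byte pairs.
ca_fingerprint() {
    awk -v want="$1" '
        /^[ \t]*[0-9]+\.[ \t]/ {                      # new chain entry
            name = $0
            sub(/^[ \t]*[0-9]+\.[ \t]+/, "", name); sub(/[ \t]+$/, "", name)
            in_cert = (name == want); in_fp = 0; next
        }
        in_cert && /SHA256 Fingerprint:/ { in_fp = 1; next }
        in_fp && /^[ \t]*([0-9A-Fa-f][0-9A-Fa-f][ \t]*)+$/ {
            gsub(/[ \t]/, ""); fp = fp toupper($0); next
        }
        { in_fp = 0 }                                 # any other line ends it
        END { if (fp != "") print fp }'
}

# Succeed only when the CA entry is present and its fingerprint is trusted;
verify_report() {
    fp=$(ca_fingerprint "$CA_NAME")
    for t in $TRUSTED; do
        [ "$fp" = "$t" ] && { echo "OK: fingerprint matches"; return 0; }
    done
    echo "FAIL: CA certificate missing or fingerprint unexpected: ${fp:-none}" >&2
    return 1
}

# Constructed sample report; only the CA fingerprint comes from the article.
sample_report() {
    cat <<'EOF'
Package "Update.pkg":
   Certificate Chain:
    1. Software Update
       SHA256 Fingerprint:
           00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
           00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       ------------------------------------------------------------------------
    2. Apple Software Update Certificate Authority
       SHA256 Fingerprint:
           12 99 E9 BF E7 76 A2 9F F4 52 F8 C4 F5 E5 5F 3B
           4D FD 29 34 34 9D D1 85 0B 82 74 F3 5C 71 74 5C
EOF
}
if [ -n "${1:-}" ]; then pkgutil --check-signature "$1" | verify_report; fi  # Mac: sh verify.sh Update.pkg
```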
