Apple security advisories are signed with the Apple Product Security PGP key. Sensitive security information may be encrypted to this key when communicating with Apple Product Security.
As a good security practice, you should validate PGP keys you receive, and not trust keys that cannot be validated. Information to validate the Apple Product Security PGP Key is available from https://www.apple.com/support/security/pgp/.
To verify the authenticity of a security notification, compare its key signature with the Apple Product Security key documented above.
More information about Apple Product Security is available at http://www.apple.com/support/security/.