Security Update 7-12-02 Fixes Software Update -- Apple has released Security Update 7-12-02 to fix a recently reported problem with Mac OS X's Software Update utility. Software Update 1.4.6 eliminates concern over an attacker setting up a machine to masquerade as the Software Update server swscan.apple.com and deliver malicious programs in the guise of legitimate updates. Although Software Update 1.4.6 still relies on the same server, Apple is now cryptographically signing all downloads, and Software Update installs only downloads that Apple has signed, a capability that has been available in the Mac OS 9 version of Software Update for some time. Downloads that lack a valid signature are deleted. The 2.3 MB Security Update 7-12-02 is available via Software Update itself or as a separate 844K download. [ACE]

<http://docs.info.apple.com/article.html? artnum=75304>
<http://www.cunap.com/%7Ehardingr/projects/osx/ exploit.html>
<http://www.apple.com/support/security/security_ updates.html>

Permanent article URL: http://db.tidbits.com/article/6867
This is a specially formatted version of this TidBITS article that removes colors, and optionally removes images; it's designed to minimize the use of ink and paper.
Unless otherwise noted, this article is copyright © 2002 TidBITS Publishing, Inc.. TidBITS is copyright © 2008 TidBITS Publishing Inc. Reuse governed by this Creative Commons License: http://www.tidbits.com/terms/.