Signed Updates for Mac OS X

2009, mac, security

This is something that I hadn’t seen before. I’m not sure whether it’s new, or whether I’ve not noticed it, but updates from Apple are signed with Apple’s public key. At the top right of the installer image, there’s a small icon that (on close inspection) appears to be a mini ‘certificate’ icon. Clicking on it brings up a drop-down sheet which confirms that the key is valid, and when it was issued.

The ability to digitally sign (and therefore verify) updates should have been added long ago, but it’s good to see that the automatic process now shows this. However, the fact that this is almost utterly invisible, combined with the willingness of people to download and install anything on their computer, means that in practice whether it’s signed or not is probably a moot point for most people. Now, if we knew whether softwareupdate would refuse to install anything that wasn’t signed, or wasn’t signed with an appropriate Apple key, then we might have some semblance of security.