Apple Security Update - 7-12-02 (http://www.versiontracker.com/moreinfo.fcgi?id=15352&db=macosx) - 841K at versiontracker.com

"Security Update 7-12-02 increases the security of the Software Update process for systems with Software Update client 1.4.5 or earlier. Packages presented via the Software Update mechanism are now cryptographically signed, and the new Software Update client 1.4.6 checks for a valid signature before installing new packages. Downloaded packages which do not contain a valid signature are deleted from the system."

it is an "Installer package". it plops down:

/System/Library/CoreServices/Software Update.app

and

/System/Library/PreferencePanes/SoftwareUpdate.prefPane

and commando mode

/usr/sbin/softwareupdate

and man page

/usr/share/man/man8/softwareupdate.8


% softwareupdate

Software Update found the following new or updated software:
- ExampleUpdate
My Example Software (5.0.2), 1292K

% sudo softwareupdate ExampleUpdate

Downloading "My Example Software"... 10% 20% 30% 40% 50%
Unarchiving "My Example Software"... 50%
Installing "My Example Software"... 50% 60% 71% 83% 99%

[edit: this update was not available in the SU pref panel when i checked ;]

Well, being the intrepid sort I've installed this on one of my systems. No ill effects; about the only thing I've noticed is that the inactive language updates have disappeared when I run Software Update. I'm taking this to mean that the digital signing process will produce new updates.

I'm not sure what the effect of applying this on anything earlier than 10.1.5 would be, so I'd suggest waiting for a few days and see how this plays out. It's not all that likely that many more updates will happen to the 10.1.x family anyway.

the inactive updates had disappeared before i installed the update.

i forgot to mention that when i saw the update on vt, i was curious to discover if all the previous 'inactive' updates were deprecated. so i launched SU and, yep. they were. not there, that is. neither was this update. that makes sense.

the update is self contained in the three germane tools, so it must use already established security/encryption framework. but we shall see.

Here's (https://depot.info.apple.com/security7-12/) the secure download page with the checksum verification info for the prudent.

here's some issues, from MFI, that i was worried about...

Reader reports also note an inability to install new standalone OS versions after applying the secuirty update. Barry Lubov explains:

"I downloaded the 10.1.5 Updater and attempted to run it manually on a brand new install of 10.1.3. After applying the security update from Software Update, I tried to run the updater I downloaded and it claims my hard drive does not qualify for the update."

UPDATE: Mike Heacox adds:

"The security update appears to not only eliminate all previous uninstalled updates from the Software Update window; it also makes it impossible to update from 10.1.4 via any standalone updater program. The installer process starts, and when the install to pane appears, the OS X partition is grayed out."

Morimoto Takasi notes a possible, unconfirmed and potentially hazardous method for disabling the authentication requirement

"When software updates run, they search for '/usr/sbin/softwareupdate.' If it is found, the installations are stopped. '/usr/sbin/softwareupdate' was installed by Security Update 7-12-02. Renaming or deleting this file will disable authentication."

can we hear your experiences here?

evidence of the situation...

http://forums.macosxhints.com/showthread.php?s=&threadid=4134

anybody got any advice for this user? saw somewhere about deleting
/usr/sbin/softwareupdate, but i can't remember, or fathom that that would do it.