E arlier this month Russell Harding of the University of Colorado released an advisory which said that Appleis Software Update client is a security hole through which hackers may sneak malicious code into your OS X running Mac. Apple has quickly responded to the alert, and released an update to the Software Update client late Friday that addresses the problem. From Apple:
Security Update 7-12-02 increases the security of the Software Update process for systems with Software Update client 1.4.5 or earlier. Packages presented via the Software Update mechanism are now cryptographically signed, and the new Software Update client 1.4.6 checks for a valid signature before installing new packages. Downloaded packages which do not contain a valid signature are deleted from the system.
Security Update 7-12-02 may be obtained via the Download link on this page (requires Mac OS X 10.1 or later) and will be available soon through the Software Update pane in System Preferences (requires 10.1.1 or later).
We highly recommend that to download the Security Update 7-12-02, which can be found at Appleis Knowledge Base site, Version Tracker, and, interestingly enough, through Software Update via Apple/System Preference in OS X.