Over the weekend Apple released another security update that addresses the hole in the Software Update application as described by an earlier update. From the Security Update 7-18-02 Read Me file:
Security Update 7-18-02 delivers a more secure Software Update service, as well as an updated Software Update command line tool, to verify that future updates originate from Apple.
Apple is going all out to insure that this hole is sealed tightly by providing instruction for verifying that you have the proper program via an old UNIX validation method called checksum, which offers a hexadecimal ikeyi to match against the key produced after installing the update. If the keys match then you are good to go, otherwise you may want to download and reinstall the patch. Here are the instructions for performing a checksum on the update:
How to verify the checksum of this download
Important: This section is optional, it is being provided for those individuals who want to verify the authenticity of this update. Generate a checksum for the Software Update application
- Open Terminal
- Type the following at the terminal prompt: /usr/bin/openssl sha1 [full path to file]
Example: /usr/bin/openssl sha1 /Users/test/Documents/SecurityUpdate7-12-02.dmg
The checksum is displayed as: sha1 ([full path to the file])= [checksum amount]
Example: SHA1(/Users/test/Documents/Security Update 7-18-02.dmg)= d407af740a6265730e7b56f6de5360011ce0c7c6
The file to checksum is SecurityUpdate7-18-02.dmg
The SHA1 checksum of the Software Update client is d407af740a6265730e7b56f6de5360011ce0c7c6
As an extra security measure, this information is also available via a secure server at:
https://depot.info.apple.com/security7-18/