HT202369: How to verify the authenticity of manually downloaded Apple software updates
Learn about How to verify the authenticity of manually downloaded Apple software updates
-
All replies
-
Helpful answers
-
Sep 1, 2015 5:27 AM in response to vikrantislavby greg sahli,All of that stuff is checked automatically on OS X. Where are you downloading OS X updates from?
-
Dec 29, 2015 12:21 PM in response to vikrantislavby useratt12,While the update software does automatic checking, the SHA1 fingerprints should still match what is in the article. I find, as you do, that they do not match:
The SHA-1 fingerprints for both osxupd10.10.5.dmg and itunes12.3.2.dmg do not have on of the fingerprints shown in this article, but rather: 1E 34 E3 91 C6 44 37 DD 24 BE 57 B1 66 7B 2F DA 09 76 E1 FD . Is the article mistaken? or the download invalid? According to the article, we should not use these files.
Article
HT202369: How to verify the authenticity of manually downloaded Apple software updates
shows two valid Apple SHA-1 fingerprints:
Make sure that the SHA1 fingerprint in the installer matches one of the following fingerprints from Apple's current or earlier certificate. If they match, the signature is verified: click OK and allow the installer to continue.
SHA1 FA 02 79 0F CE 9D 93 00 89 C8 C2 51 0B BC 50 B4 85 8E 6F BFSHA1 9C 86 47 71 48 B3 D7 04 24 7A 3C 3F 56 EA 2D E5 94 4B 01 C2