Apple Software Update

"Software Update" redirects here. For software updates in general, see Patch (computing).

Apple Software Update

Software Update in OS X Lion
Developer(s)	Apple Inc.
Operating system	Mac OS 9 OS X Windows
Type	System Utility
License	Proprietary
Website	www.apple.com/softwareupdate

Software Update is a software tool by Apple Inc. that installs the latest version of Apple software on computers running OS X. It was originally introduced to Mac users in Mac OS 9. A Windows version has been available since the introduction of iTunes 7, under the name Apple Software Update. Software Update automatically informs users of new updates.

Functionality

The program is part of the CoreServices in OS X. Software Update can be set to check for updates daily, weekly, monthly, or not at all; in addition, it can download and store the associated .pkg file (the same type used by Installer) to be installed at a later date and maintains a history of installed updates.

Software Updates consist of incremental updates of the Mac OS and its applications, Security Updates, device drivers and firmware updates. All software updates require the user to enter their administrative password, as with all consequential system changes. Some updates require a system restart. Starting with OS X 10.5, updates that require a reboot log out the user prior to installation and automatically restart the computer when complete; in earlier versions, the updates are installed, but critical files are not replaced until the next system startup.

As of OS X Mountain Lion, Software Update has been merged into the Mac App Store.

Criticism

Apple Software Update under Wireshark

Software Update uses predictable TCP sequence numbers and plain text HTTP. Neither the command line nor GUI tools allow the user to use unpredictable sequence numbers or HTTPS. Mac OS X 10.8 uses HTTPS by default and allows a user to downgrade to HTTP, but still uses predictable sequence numbers.^[1]

Apple's Software Update download server allows weak and wounded ciphers, and the server does not support secure renegotiation. Performing test connections using openssl s_client showed the server would agree to RC4-MD5. In fact, ARC4-MD5 was the server's preferred cipher. While confidentiality is not an issue (everyone gets the same update), authenticity is an issue and user must have assurances that they are communicating with the expected server and the communications are not tampered (MD5 is considered insecure by the cryptographic community, and should not be used).^[2]

In March 2008, Apple began offering its web browser, Safari, through Apple Software Update for Windows. The Safari download was selected by default for installation by Apple Software Update.^[3] After significant criticism from the community, Apple changed its policy and Safari was no longer selected by default for download.^[4] Apple Software Update for Windows now offers new software and an optional download, in addition to updates for already-installed software.

References

↑ OS X: Updating OS X and Mac App Store apps, September 19, 2012, retrieved September 23, 2012
↑ Schneier, Bruce (August 19, 2004), Cryptanalysis of MD5 and SHA: Time for a New Standard, retrieved September 23, 2012 Check date values in: |year= / |date= mismatch (help)
↑ "Apple pushes Safari on Windows via iTunes updater". CNET. Retrieved October 23, 2009.
↑ "Apple updates Software Update for Windows, Safari optional". Ars Technica. Archived from the original on October 12, 2009. Retrieved October 23, 2009.

External links

Using Software Update for Windows to keep your Apple software up-to-date

OS X

Versions

Applications

Automator Calculator Calendar Chess Contacts Dashboard Dictionary DVD Player FaceTime Finder Game Center Grapher iTunes (version history) Mac App Store Mail Messages Notes Notification Center Photo Booth Photos Preview QuickTime Reminders Safari (version history) Stickies TextEdit

Discontinued	Front Row iChat iPhoto iSync Sherlock

Utilities

Activity Monitor AirPort Utility AppleScript Editor Archive Utility Audio MIDI Setup Bluetooth File Exchange ColorSync Configurator Console Crash Reporter DigitalColor Meter Directory Utility DiskImageMounter Disk Utility Font Book Grab Help Viewer Image Capture Installer Keychain Access Migration Assistant Network Utility ODBC Administrator Screen Sharing System Preferences System Information Terminal Universal Access VoiceOver

Discontinued	Software Update Remote Install Mac OS X

Technology and
user interface

AirDrop Command key Option key Apple menu Apple Push Notification Service AppleScript Aqua Audio Units Bonjour Boot Camp Cocoa ColorSync Core Animation Core Audio Core Data Core Foundation Core Image Core OpenGL Core Text Core Video CUPS Cover Flow Darwin Dock FileVault Gatekeeper Grand Central Dispatch icns Inkwell I/O Kit Kernel panic Keychain launchd Launchpad Mach-O MacRuby Menu extra Mission Control OpenCL Preference Pane Property list Quartz QuickTime Quick Look Smart Folders Speakable items Spotlight Stacks Time Machine Uniform Type Identifier Universal binary WebKit XNU XQuartz

Deprecated	Carbon

Discontinued	BootX Brushed metal Classic Environment Rosetta Spaces Xgrid

Mac OS

Applications	Calculator Chooser Drive Setup DVD Player Finder Graphing Calculator Keychain Access PictureViewer PowerTalk QuickTime Player Network Browser Scrapbook Sherlock Software Update Stickies System Information SimpleText

Developer	MacsBug Macintosh Programmer's Workshop ResEdit

Technology	Alias Apple menu Balloon help Bomb Error Command (⌘) Control Panel Control Strip Creator code Hierarchical File System HFS Plus Keychain Labels Macintosh File System Option (⌥) OSType PICT QuickDraw QuickTime Resource fork Special menu Startup Screen System Folder System suitcase Type code WorldScript

Related articles	Manager Toolbox Memory Management Old World ROM New World ROM EFI

Apple Inc. software on Windows platforms

Software	Bonjour Boot Camp iCloud iTunes QuickTime Software Update

Discontinued	AirPort Utility (still available) AppleWorks (still available) MobileMe (replaced by iCloud) Safari (still available)