Apple Software Update

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Apple Software Update
Software Update icon.png
Software Update on Mac OS X 10.7.3.png
Software Update in OS X Lion
Developer(s) Apple Inc.
Operating system Mac OS 9
Type System Utility
License Proprietary

Software Update is a software tool by Apple Inc. that installs the latest version of Apple software on computers running OS X. It was originally introduced to Mac users in Mac OS 9. A Windows version has been available since the introduction of iTunes 7, under the name Apple Software Update. Software Update automatically informs users of new updates.

The program is part of the CoreServices in OS X, found at /System/Library/CoreServices/Software, or by choosing Software Update from the Apple menu. Software Update can be set to check for updates daily, weekly, monthly, or not at all; in addition, it can download and store the associated .pkg file (the same type used by Installer) to be installed at a later date and maintains a history of installed updates.

Software Updates consist of incremental updates of the Mac OS and its applications, Security Updates, device drivers and firmware updates. All software updates require the user to enter their administrative password, as with all consequential system changes. Some updates require a system restart. Starting with OS X 10.5, updates that require a reboot log out the user prior to installation and automatically restart the computer when complete; in earlier versions, the updates are installed, but critical files are not replaced until the next system startup.

As of OS X Mountain Lion, Software Update has been merged into the Mac App Store.

Command line[edit]

All of Software Update's features are available through the command-line program softwareupdate. The command to update everything from a terminal command line is "sudo softwareupdate -i -a".

The command line usage for softwareupdate in OS X 10.6 is as follows (this is a result of "sudo softwareupdate -h"):

usage: softwareupdate <mode> [<args> ...]

        -l | --list             List all appropriate updates
        -d | --download         Download Only
        -i | --install          Install
                <label> ...       specific updates
                -a | --all              all appropriate updates
                -r | --recommended      only recommended updates

        Per-user preferences:
        --ignore <label> ...      Ignore specific updates
        --reset-ignored         Clear all ignored updates
        --schedule (on | off)   Set automatic checking

        -v | --verbose  Enable verbose output
        -h | --help     Print this help

Using this tool, it is fairly straightforward for administrators to automatically install incoming updates by adding a cron job, or using the new launchd scheduling system, the latter is recommended (don't forget the "sudo" if run from a terminal command line):

softwareupdate --install --all

or to be more cautious, just

softwareupdate --install --recommended

It is prudent to set the job to run only every few days to allow for time to jump in with an --ignore if a particular update is reported to have issues by early adopters. If running as a cron job, it is also a good idea to avoid running the update while a user is logged in, especially since some updates require reboot to take effect. (softwareupdate does not reboot automatically, it merely displays a warning on its standard output if a reboot is necessary.) Remote administrators may also be interested in also using the cURL and installer command line utilities to set up their own software update system.


Apple Software Update under Wireshark

Software Update uses predictable TCP sequence numbers and plain text HTTP. Neither the command line nor GUI tools allow the user to use unpredictable sequence numbers or HTTPS. Mac OS X 10.8 uses HTTPS by default and allows a user to downgrade to HTTP, but still uses predictable sequence numbers.[1]

Apple's Software Update download server allows weak and wounded ciphers, and the server does not support secure renegotiation. Performing test connections using openssl s_client showed the server would agree to RC4-MD5. In fact, ARC4-MD5 was the server's preferred cipher. While confidentiality is not an issue (everyone gets the same update), authenticity is an issue and user must have assurances that they are communicating with the expected server and the communications are not tampered (MD5 is considered insecure by the cryptographic community, and should not be used).[2]

In March 2008, Apple began offering its web browser, Safari, through Apple Software Update for Windows. The Safari download was selected by default for installation by Apple Software Update.[3] After significant criticism from the community, Apple changed its policy and Safari was no longer selected by default for download.[4] Apple Software Update for Windows now offers new software and an optional download, in addition to updates for already-installed software.


  1. ^ OS X: Updating OS X and Mac App Store apps, September 19, 2012, retrieved September 23, 2012 
  2. ^ Schneier, Bruce (August 19, 2004), Cryptanalysis of MD5 and SHA: Time for a New Standard, retrieved September 23, 2012 
  3. ^ "Apple pushes Safari on Windows via iTunes updater". CNET. Retrieved October 23, 2009. 
  4. ^ "Apple updates Software Update for Windows, Safari optional". Ars Technica. Archived from the original on October 12, 2009. Retrieved October 23, 2009. 

External links[edit]