Apple Closes Security Hole in OS X Updater
Martin O'Donnell pointed out a CNET News.com report from several days ago that said Russell Harding had posted details on how to fool Apple's OS X SoftwareUpdate feature into downloading an operating system patch that contains a backdoor. Earlier today, Slashdot reported that Apple had closed that hole with an updated SoftwareUpdate program. The article on Slashdot characterizes Apple's response as quick, and says that the SoftwareUpdate program now checks for valid cryptographic signatures.
Red Hat's Red Hat Network, which performs similar OS management and update functions for Linux, has verified cryptographic signatures for a long time.