I've got an old PowerPC Mac Mini running Leopard that I keep around to run legacy software. Today, for the first time in years, Software Update opened up, offering to upgrade Airport Utility from 5.2.2 to 5.6.1.
Is this a genuine update, and if so, why is it showing up now, more than a decade after support for both the OS and the hardware ended?
Best Answer
This is real, yes. A lot of older software updates (but also newer ones e.g. some 10.14.6 Supplemental Update from September 2019!) are signed with a certificate which becomes/became invalid on Oct, 24 2019.
To keep them in the update game the intermediate certificate authority and its certficates have been replaced – the payload stays the same – and they have been republished/reissued.
Further readings (with pics I don't want to deep-link here ?):
Beware Apple security certificates after 24 October: they may have expired
Certificate used to sign older Apple software expiring on October 24, 2019
To check the validity of software installer packages use:
Example (the OSInstall.pkg inside the InstallESD.dmg of Install macOS Sierra.app d/led on Feb, 26 2019):
To check dmgs use:
or
Not all dmgs are codesigned! The precise command is sometimes macOS-version-dependent, or requires a min macOS/OS X version. Please check
man <command>
(eg:man spctl
).