Another question I asked myself was: Is Software Update actually contacting Apple servers or am I being served a compromised update with even more security holes by the NSA?
Does it matter where the update comes from if it’s signed by Apple?
Update (2014-02-26): Nat!:
To get at the meat, use xar -x -f which will get you eventually to a file called Payload. That is a bzip2 encrypted tararchive. Now I find this quite hilarious. After all the hoops Apple went through, with xar, cpio, pax and what have you, they finally use tar to install, as they maybe should have right from the beginning.
Stay up-to-date by subscribing to the Comments RSS Feed for this post.