Security experts generally recommend applying security updates to software as soon as possible, because the overwhelming majority of attacks target vulnerabilities that have already been addressed with patches from the software developer. But published attack scenarios enable attackers to compromise the safety of these updates.
Some code distribution methods rely only on Secure Sockets Layer (SSL) offerings to protect the integrity of the update process, but authentication through conventional SSL can be weak and subject to man-in-the-middle attacks. Both static code distribution sites and built-in automatic update mechanisms are often vulnerable to these attacks.
The solution to this problem is code signing, a mature technology that has been built into Windows and many other systems for years. Code signing allows users to ensure that a program was created by a named and authenticated organisation. Programmatic update mechanisms can build this check into their own algorithms to ensure that they are not being fed rogue updates.
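
A sketch of an updater checking a publisher signature before it installs anything, added here as an example and not taken from any vendor's update mechanism. It uses Ed25519 detached signatures from Go's standard library in place of a platform code-signing scheme; the key pair, payload and function names are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrRogueUpdate means the update lacks a valid signature from the pinned key.
var ErrRogueUpdate = errors.New("update rejected: not signed by pinned publisher key")

// newPublisherKey creates a signing key pair (constructed for this example;
// a real publisher generates it once and protects the private half).
func newPublisherKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// signUpdate is the publisher side: a detached signature over the update bytes.
func signUpdate(priv ed25519.PrivateKey, update []byte) []byte {
	return ed25519.Sign(priv, update)
}

// verifyUpdate is the updater side. pinned is the publisher key shipped inside
// the client, so the decision does not depend on how the bytes were downloaded.
func verifyUpdate(pinned ed25519.PublicKey, update, sig []byte) error {
	if !ed25519.Verify(pinned, update, sig) {
		return ErrRogueUpdate
	}
	return nil
}

func main() {
	pinned, priv := newPublisherKey()
	update := []byte("constructed update payload v1.2.3")
	sig := signUpdate(priv, update)

	tampered := append([]byte{}, update...)
	tampered[0] ^= 0xff // bytes altered somewhere between publisher and client
	_, otherKey := newPublisherKey()

	fmt.Println("genuine:", verifyUpdate(pinned, update, sig))
	fmt.Println("altered in transit:", verifyUpdate(pinned, tampered, sig))
	fmt.Println("signed by another key:", verifyUpdate(pinned, tampered, signUpdate(otherKey, tampered)))
}
```

The updater should run this check on the exact bytes it is about to install and refuse to proceed on any error, whether or not the download arrived over SSL.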