I’ve made a universal build of GnuPG 1.4.6 (sig). This version is not vulnerable to an attack described in a December security announcement. Copy the contents of this zip into
/usr/local/bin to replace the vulnerable binaries.
The source is available from the GnuPG project.
The build was made by making separate directories for Intel, PowerPC and PowerPC 64-bit builds and then using
lipo to stitch them all back together again.
The PowerPC 64-bit code may be somewhat slower since certain operations are not optimized in assembly for that platform.
Installing using the MacGPG installer and then copying in the binaries provided above should result in an up-to-date install that is not vulnerable.