I've been looking class.updatemodel.php and I haven't found anything about permissions; I wasn't sure aobut it because I am quite new to vanilla and php so I gave it a try.
I created an user (normal user, not admin) on mi forum, logged with new account and tried "/index.php?p=/utility/update". It was a success.
Shouldn't be this option allow only to admin?
PD: sorry for my english