This article was published on September 9, 2011

Apple addresses compromised DigiNotar web certificates with OS X Security Update



Apple has released a security update that addresses digital certificates issued by DigiNotar last month that were found to be compromised. The update is 2011-005 and is available for Lion and Snow Leopard users.

Apple details the updates by explaining the ways in which the certificates could allow an attack that intercepts personal information of a website’s visitors:

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar’s certificates, including those issued by other authorities, are not trusted.

The issues began late last month, when DigiNotar's servers started issuing compromised certificates after their server was hacked. In all, 531 forged certificates were issued, with sites like the CIA, Yahoo, Twitter, Facebook, WordPress, Microsoft Live and Apple among them. The issue was caused by a single attacker, who labels himself a hacktivist and goes by the name ComodoHacker.

You can snag the updates now via Software Update or directly from the Apple Downloads site for Lion and Snow Leopard.
