Apple addresses DigiNotar Web Certificates With OS X Security Update

Apple today released Security Update 2011-005 for OS X, a small update that addresses digital certificates issued by DigiNotar last month that were found to be compromised.

Update addressing a specific security issue related to fraudulent certificates from DigiNotar.

Apple details the updates by explaining the ways in which the certificates could allow an attack that intercepts personal information of a website’s visitors:

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar’s certificates, including those issued by other authorities, are not trusted.
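Apple's description lists explicit distrust in addition to removal of the root, because a CA that is also cross-signed by another authority still chains to a trusted anchor after its own root is deleted. The sketch below is an added illustration, not Apple's implementation. It assumes a simplified path builder that matches on names only, and the certificate names, keys and key-based distrust list are all constructed.

```python
# Toy model of certificate path building. All names and keys are constructed;
# signature checks and real X.509 parsing are omitted.
from collections import namedtuple

Cert = namedtuple("Cert", "subject issuer key")

# The compromised CA's key is certified twice: self-signed, and cross-signed
# by an unrelated root that stays in the trust store.
CA_SELF = Cert("Compromised CA", "Compromised CA", "ca-key")
CA_CROSS = Cert("Compromised CA", "Other Root", "ca-key")
OTHER_ROOT = Cert("Other Root", "Other Root", "other-key")
BAD_LEAF = Cert("mail.example.test", "Compromised CA", "leaf-key")
GOOD_LEAF = Cert("www.example.test", "Other Root", "good-key")
POOL = [CA_SELF, CA_CROSS, OTHER_ROOT]

def find_paths(leaf, pool, anchors):
    """Return every issuer chain that leads from leaf to a trust anchor."""
    paths = []
    def walk(cert, chain):
        chain = chain + [cert]
        if cert in anchors:
            paths.append(chain)
        # A self-signed cert that is not an anchor is a dead end.
        elif cert.subject != cert.issuer:
            for cand in pool:
                if cand.subject == cert.issuer and cand not in chain:
                    walk(cand, chain)
    walk(leaf, [])
    return paths

def is_trusted(leaf, anchors, distrusted_keys=frozenset()):
    """Accept if some path to an anchor contains no explicitly distrusted key."""
    return any(all(c.key not in distrusted_keys for c in path)
               for path in find_paths(leaf, POOL, anchors))

def scenarios():
    both, other_only = {CA_SELF, OTHER_ROOT}, {OTHER_ROOT}
    return {
        "before update": is_trusted(BAD_LEAF, both),
        "root removed only": is_trusted(BAD_LEAF, other_only),
        "root removed + distrust": is_trusted(BAD_LEAF, other_only, {"ca-key"}),
        "unrelated site": is_trusted(GOOD_LEAF, other_only, {"ca-key"}),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:24} trusted={ok}")
```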

DigiNotar’s servers were compromised several weeks ago, with hackers obtaining access to hundreds of certificates. Apple has been criticized for being slow to respond to the issue, but is responding today by revoking DigiNotar’s status as a trusted source.

DigiNotar, one of hundreds of firms authorized to issue digital certificates that authenticate a website’s identity, admitted on Aug. 30 that its servers were compromised weeks earlier. A report made public Monday said that hackers had acquired 531 certificates, including many used by the Dutch government, and that DigiNotar was unaware of the intrusion for weeks.

