In association with heise online

10 September 2011, 11:23

Apple releases updates for DigiNotar SSL debacle

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Mac OS X logo
Apple has released a security update for Mac OS X Snow Leopard (10.6.8) and Lion (10.7.1) which removes trust from the certificate authorities (CAs) operated by DigiNotar after the CA was compromised. Apple has joined Mozila and Microsoft in removing DigiNotar from their lists of trusted root certificates and EV certificate authorities. The update, labelled "Security Update 2011-05" also modified the default trust system configuration so that no DigiNotar certificates, including those issued by other authorities, are trusted.

The Apple update still leaves the iPhone, iPad and other iOS devices unprotected from the man in the middle attacks which have, to date, centred on Iranian internet users. There is also no update for the older Leopard release of Mac OS X, 10.5, which is the last version that ran on PowerPC-based Macs. The update is available through Mac OS X's built in Software Update or can be manually downloaded (for Lion or Snow Leopard) and installed.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit