Apple releases updates for DigiNotar SSL debacle
Apple has released a security update for Mac OS X Snow Leopard (10.6.8) and Lion (10.7.1) which removes trust from the certificate authorities (CAs) operated by DigiNotar after the CA was compromised. Apple has joined Mozilla and Microsoft in removing DigiNotar from their lists of trusted root certificates and EV certificate authorities. The update, labelled "Security Update 2011-005", also modifies the default trust system configuration so that no DigiNotar certificates, including those issued by other authorities, are trusted.
The Apple update still leaves the iPhone, iPad and other iOS devices unprotected from the man-in-the-middle attacks which have, to date, centred on Iranian internet users. There is also no update for the older Leopard release of Mac OS X, 10.5, which is the last version that ran on PowerPC-based Macs. The update is available through Mac OS X's built-in Software Update or can be manually downloaded (for Lion or Snow Leopard) and installed.
See also:
- About Security Update 2011-005, the Apple Security Advisory.
- DigiNotar breach due to disastrous security, a report from The H.
- Browser makers update their DigiNotar disaster updates, a report from The H.
- Mozilla asks all CAs to carry out security audits, a report from The H.
(djwm)