Security 2011-005 addresses fraudulent SSL certificates

Apple products and Mac operating systems. Including discussions on Virtual PC for Mac, Parallels Desktop for Mac, all Apple hardware and everything relating to Apple and Mac!
(MacCentre701)

Security 2011-005 addresses fraudulent SSL certificates

Postby Antony » Fri 09 Sep, 2011 1:21 pm

Apple has released Security Update 2011-05 for Mac OS X v10.6.8 and OS X Lion 10.7.1 users. This Security Update addresses the fraudulent SSL certificates issued by multiple certificate authorities operated by DigiNotar.

Security Update 2011-005
Certificate Trust Policy

Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.1, Lion Server v10.7.1

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted.


Security Update 2011-005 can be downloaded from Apple Support Download page or from Software Update.

DigiNotar's servers were compromised several weeks ago, with hackers obtaining access to hundreds of certificates

Security Update 2011-005 (Snow Leopard) (869 kb)
Security Update 2011-005 (Lion) (15.59mb)
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50
User avatar
Antony
diamond member
diamond member
 
Posts: 15168
Joined: Tue 18 Jun, 2002 11:36 pm
Location: Sydney, Australia

Return to Mac OS and Apple

Who is online

Registered users: Bing [Bot], Google [Bot], profman