Got a tip for us? Share it...
RSS

Apple Releases Security Update 2011-005 for OS X to Address Compromised Certificates

Friday September 9, 2011 10:19 am PDT by Eric Slivka

Apple today released Security Update 2011-005 for OS X, a small update addressing a specific security issue related to fraudulent certificates from DigiNotar.

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted.

DigiNotar's servers were compromised several weeks ago, with hackers obtaining access to hundreds of certificates. Apple has been criticized for being slow to respond to the issue, but is now doing so today by revoking DigiNotar's status as a trusted source.

DigiNotar, one of hundreds of firms authorized to issue digital certificates that authenticate a website's identity, admitted on Aug. 30 that its servers were compromised weeks earlier. A report made public Monday said that hackers had acquired 531 certificates, including many used by the Dutch government, and that DigiNotar was unaware of the intrusion for weeks.

Available updates include:

- Security Update 2011-005 (Lion) (15.59 MB)
- Security Update 2011-005 (Snow Leopard) (869 KB)
[ 79 comments ]

Top Rated Comments

(View all)

Avatar
AppliedMicro
9 months ago

They didn't start working on this yesterday, maybe they caught something in Q&A that delayed things a bit.

Removing compromised root certificates isn't rocket science.

There is simply no excuse for Apple taking almost two weeks longer than Microsoft to release this update - with Microsoft having to cover way more OS releases and update/service pack configurations than Apple.
Rating: 8 Positives / 2 Negatives
Avatar
tigres
9 months ago
Why the big file size difference?
Rating: 5 Positives / 0 Negatives
Avatar
brdeveloper
9 months ago
Apple is not ready to have its OSX as popular as Microsoft Windows.
Rating: 6 Positives / 2 Negatives
Avatar
Rocketman
9 months ago
Something this serious should see updates to Leopard and Tiger as well since some in-service computers require older OS's.
Rating: 4 Positives / 0 Negatives
Avatar
milbournosphere
9 months ago

[SIZE=1]I even use Safari in parallels…


Really? I mean, I can buy it for OS X, but Safari for Windows genuinely sucks as a browser. I prefer even IE to the Windows version of Safari. In fact, IE9 is a pretty good browser. When none of us were looking, IE went and grew up.
Rating: 3 Positives / 0 Negatives
Avatar
doboy
9 months ago
Now we just need the update for Safari on iOS devices :D
Rating: 3 Positives / 0 Negatives
Avatar
MJedi
9 months ago
Do the compromised certificates only exist on Snow Leopard and Lion? :confused:

What about Leopard?
Rating: 3 Positives / 0 Negatives
Avatar
iekozz
9 months ago
Little note: If you're using Chrome or Firefox on OS X, you where already protected. But it's nice that Apple has finally released a security update for OS X.
Rating: 4 Positives / 1 Negatives
Avatar
adder7712
9 months ago
Oh, I think that's the reason why Firefox is at 6.0.2 and release notes are talking about compromised security certs. Chrome probably updated without me knowing. :p


The Snow Leopard version REQUIRES 10.6.8.

I remain on 10.6.6 and it refuses to install.

Bad move, Apple. You should NOT use a Security Update to force people to update.

The question is, why are you on 10.6.6?
Rating: 2 Positives / 0 Negatives
Avatar
Negritude
9 months ago
If you're still using Leopard or earlier and wish to remove the compromised certificates, you can do so manually by issuing the commands below in terminal (you need an admin account). This works even when attempting to untrust or delete the certificates via Keychain Access does not:

sudo security delete-certificate -Z C060ED44CBD881BD0EF86C0BA287DDCF8167478C /System/Library/Keychains/SystemRootCertificates.keychain

sudo security delete-certificate -Z 59AF82799186C7B47507CBCF035746EB04DDB716 /System/Library/Keychains/SystemRootCertificates.keychain

sudo security delete-certificate -Z 101DFA3FD50BCBBB9BB5600C1955A41AF4733A04 /System/Library/Keychains/SystemRootCertificates.keychain
Rating: 2 Positives / 0 Negatives

[ Read All Comments ]