/article-new/2011/09/sec_update_2011-005.png?lossy)
Apple today released Security Update 2011-005 for OS X, a small update addressing a specific security issue related to fraudulent certificates from DigiNotar.
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted.
DigiNotar's servers were compromised several weeks ago, with hackers obtaining access to hundreds of certificates. Apple has been criticized for being slow to respond to the issue, but is now doing so today by revoking DigiNotar's status as a trusted source.
DigiNotar, one of hundreds of firms authorized to issue digital certificates that authenticate a website's identity, admitted on Aug. 30 that its servers were compromised weeks earlier. A report made public Monday said that hackers had acquired 531 certificates, including many used by the Dutch government, and that DigiNotar was unaware of the intrusion for weeks.
Available updates include:
- Security Update 2011-005 (Lion) (15.59 MB)
- Security Update 2011-005 (Snow Leopard) (869 KB)
Top Rated Comments
There is simply no excuse for Apple taking almost two weeks longer than Microsoft to release this update - with Microsoft having to cover way more OS releases and update/service pack configurations than Apple.
Really? I mean, I can buy it for OS X, but Safari for Windows genuinely sucks as a browser. I prefer even IE to the Windows version of Safari. In fact, IE9 is a pretty good browser. When none of us were looking, IE went and grew up.