Apple Releases Security Update 2011-005 for OS X to Address Compromised Certificates
Apple today released Security Update 2011-005 for OS X, a small update addressing a specific security issue related to fraudulent certificates from DigiNotar.
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted.
DigiNotar's servers were compromised several weeks ago, with hackers obtaining access to hundreds of certificates. Apple has been criticized for being slow to respond to the issue, but is now doing so today by revoking DigiNotar's status as a trusted source.
DigiNotar, one of hundreds of firms authorized to issue digital certificates that authenticate a website's identity, admitted on Aug. 30 that its servers were compromised weeks earlier. A report made public Monday said that hackers had acquired 531 certificates, including many used by the Dutch government, and that DigiNotar was unaware of the intrusion for weeks.
Available updates include: