Apple Nukes Bogus Security Certificates With Latest Lion and Snow Leopard Security Update

You might remember a security kerfuffle from a few weeks ago in which DigiNotar, after being hacked, issued fraudulent security certificates for websites, including one for Gmail. Well, Apple’s just fixed that at the root level of OS X Lion and Snow Leopard 10.6.8 with the latest Security Update.

Here are the release notes:

Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.1, Lion Server v10.7.1

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar’s certificates, including those issued by other authorities, are not trusted.

To get the update, hit Software Update or download directly from here.
