Apple released a patch to update their certificate trust policy affecting Mac OS X Server 10.6, Mac OS X 10.6, Lion Server, OS X Lion. Using fraudulent certificates operated by DigiNotar, an attacker with enough network privileges could intercept user credentials or sensitive information. Apple recommends applying security update 2011-005, additional information available here and downloaded here.

Update 1: Apple has indicated that iOS users cannot remove the root cert and Apple is aware of the issue.

[1] http://support.apple.com/kb/HT4920

[2] http://www.apple.com/support/downloads/

[3] http://support.apple.com/kb/HT4415

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Community SANS SEC 503 coming to Ottawa Sep 2011