Apple Certificate Trust Policy Update

Published: 2011-09-09
Last Updated: 2011-09-09 21:21:04 UTC
by Guy Bruneau (Version: 2)
2 comment(s)

Apple released a patch to update their certificate trust policy affecting Mac OS X Server 10.6, Mac OS X 10.6, Lion Server, OS X Lion. Using fraudulent certificates operated by DigiNotar, an attacker with enough network privileges could intercept user credentials or sensitive information. Apple recommends applying security update 2011-005, additional information available here and downloaded here.

Update 1: Apple has indicated that iOS users cannot remove the root cert and Apple is aware of the issue.





Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Community SANS SEC 503 coming to Ottawa Sep 2011

Keywords: Apple Certificate
2 comment(s)


Still waiting for Apple fix iOS, and Google to fix Android
I haven't noticed a Safari update yet (for PC) either

Diary Archives