SANS ISC: InfoSec Handlers Diary Blog



Apple Certificate Trust Policy Update

Published: 2011-09-09
Last Updated: 2011-09-09 21:21:04 UTC
by Guy Bruneau (Version: 2)

Apple released a patch updating its certificate trust policy for Mac OS X Server 10.6, Mac OS X 10.6, Lion Server, and OS X Lion. Using fraudulent certificates issued by DigiNotar, an attacker with enough network privileges could intercept user credentials or sensitive information. Apple recommends applying Security Update 2011-005; additional information is available here [1] and the update can be downloaded here [2].

Update 1: Apple has indicated that iOS users cannot remove the root cert and Apple is aware of the issue.

[1] http://support.apple.com/kb/HT4920

[2] http://www.apple.com/support/downloads/

[3] http://support.apple.com/kb/HT4415

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Community SANS SEC 503 coming to Ottawa Sep 2011

Keywords: Apple Certificate