Apple releases update to remove DigiNotar from trusted list

Filed Under: Apple, Featured, OS X, Privacy, Vulnerability

Slightly less than two weeks after the first public signs of DigiNotar being compromised, Apple has revoked their certificates.

The Apple update is available for users of Snow Leopard (10.6) and Lion (10.7), but mysteriously not offered to users of Leopard or earlier versions.

After applying the update Mac users should no longer see DigiNotar as a trusted root certificate in the Keychain Access application.

You can check for updates by clicking the Apple logo in the upper-left corner of the screen and choosing Software Update.

If you are running an older Mac you can still protect yourself, but you will need to do it manually. You can follow the excellent instructions posted over at the ps | Enable blog.
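To confirm the outcome described above from the command line rather than in Keychain Access, here is an added example (not code from the original post) that looks for DigiNotar in the macOS system root keychain. It assumes the macOS `security` tool and parses its `find-certificate` output; a constructed sample of that output is embedded so the parser can be exercised on any machine.

```shell
#!/bin/sh
# Added example: check whether a DigiNotar root is still present in the
# macOS system root keychain. Assumes the `security` command-line tool.

SYSTEM_ROOTS=/System/Library/Keychains/SystemRootCertificates.keychain

# Read `security find-certificate -a` output on stdin and print the label
# of every certificate whose label matches the pattern in $1.
# `security` prints each label as:   "labl"<blob>="DigiNotar Root CA"
list_matching_labels() {
    pattern=$1
    sed -n 's/^ *"labl"<blob>="\(.*\)"$/\1/p' | grep -i -- "$pattern" || true
}

# Count the matching labels (prints 0 when there are none).
count_matching_labels() {
    list_matching_labels "$1" | grep -c . || true
}

# Constructed sample of `security find-certificate -a` output, covering
# two roots: one DigiNotar root and one unrelated root.
SAMPLE_OUTPUT='keychain: "/System/Library/Keychains/SystemRootCertificates.keychain"
class: 0x80001000
attributes:
    "alis"<blob>="DigiNotar Root CA"
    "labl"<blob>="DigiNotar Root CA"
keychain: "/System/Library/Keychains/SystemRootCertificates.keychain"
class: 0x80001000
attributes:
    "alis"<blob>="VeriSign Class 3 Public Primary Certification Authority"
    "labl"<blob>="VeriSign Class 3 Public Primary Certification Authority"'

# Live check on a Mac: returns 1 if any DigiNotar root is still installed.
check_live_keychain() {
    n=$(security find-certificate -a "$SYSTEM_ROOTS" 2>/dev/null | count_matching_labels DigiNotar)
    if [ "$n" -gt 0 ]; then
        echo "DigiNotar still present in system roots ($n certificate(s))"
        return 1
    fi
    echo "DigiNotar not found in system roots"
    return 0
}

# Run with --live on a Mac to inspect the real keychain.
if [ "${1:-}" = "--live" ]; then check_live_keychain; fi
```

The parser only reports what is installed; a root that is present but marked untrusted in Keychain Access would still be listed, so treat a non-zero count as something to inspect, not as proof the certificate is trusted.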

Apple (along with Microsoft, Google and RIM) has not released any updates for its mobile platforms.

This is an opportunity for Apple to get ahead of the competition.

It is much easier for Apple to patch iDevices than for Google to fix Android, get the handset makers to apply the fixes and then convince the carriers to deploy the updates.

Apple users should apply this update as soon as they can and hope that the other CAs the hacker is claiming he hacked won't end up in a similar situation to DigiNotar.



4 Responses to Apple releases update to remove DigiNotar from trusted list

  1. Hubert Halkin · 1118 days ago

    Even if you have 10.7.1 of Lion, you should check for update. You need Security Update 2011-005. After applying Security Update 2011-005 your "About This Mac" will still indicate that you have 10.7.1 of Lion.

  2. the JoshMeister · 1118 days ago

    Actually, 10.6.8 and 10.7.1 were already the current versions of the OS. The patch is called Security Update 2011-005, and it's *available for* the previously-released versions of Snow Leopard and Lion, 10.6.8 and 10.7.1. The OS version numbers remain the same after applying this security update.

  3. the JoshMeister · 1116 days ago

    The reason why Apple didn't patch Leopard (10.5.x) is that Apple only supports the most recent (in this case, Lion, 10.7.x) and one previous (Snow Leopard, 10.6.x) major release of the operating system with security updates.

    Based on Apple's track record, Leopard will still get minor updates for Safari and QuickTime (security updates, not feature updates) and probably iTunes updates for some period of time, but no security patches for the main operating system.

    Basically, this means that everyone still using a PowerPC (G4 or G5) processor, which maxes out at Leopard, can no longer receive security updates. So if you bought a PowerPC-based Mac around 5 or 6 years ago, you're totally out of luck. Of course, Adobe stopped releasing Flash updates for PowerPC earlier this year, so you were already out of luck on that front anyway.

    I just finished writing a very detailed article about this here: http://security.thejoshmeister.com/2011/09/apple-...

  4. Nigel Straightgrain · 1114 days ago

    I’ve been a Mac user since 1986, so my fondness for the platform is well established. But Apple’s increasingly restrictive hardware requirements for its software “upgrades” are a real point of contention for me. Even the Intel Core Duo machines are locked out of Lion. Whether the obsolescence now being experienced by Mac users is “planned” or not, it’s real, and it forces users to upgrade their hardware, whether they need to or not.

    I suspect that this is partly a consequence of the Mac platform’s expanding market, wherein a growing number of Mac users are folks who previously used Windows. Many of them are already accustomed to much shorter hardware life cycles (1 to 3 years) than Mac users have historically enjoyed (3 to 5 years). Obviously Apple knows this, and is taking advantage of that shift toward lower expectations among its user base.

    Of course, Apple isn’t the only software developer who won’t support PowerPC hardware. Browsers, mail apps, and a host of other software applications have dropped PPC support. I could still do most of the things I need to do on my trusty old G5, but without security support, there’s no recourse. Alas, the G5 now sits here collecting dust — a perfectly good machine, forced out of use by lack of software support for security issues.


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.