Security & Privacy

Apple Issues Security Update for DigiNotar Certificate Issue


Apple has released Security Update 2011-005 for Mac OS X 10.6 Snow Leopard and 10.7 Lion to address the security issues raised by fraudulent certificates issued by Dutch certificate authority DigiNotar.

An attacker with a privileged network position may intercept user credentials or other sensitive information. Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar’s certificates, including those issued by other authorities, are not trusted.

We’ve reported on this issue and on the follow-ups by the Mozilla Foundation and others in dealing with it. Apple has reacted fairly quickly in getting this update out.

The update is available via Software Update or from Apple’s downloads page, and more information about the update is available here. This update is 869 KB for Snow Leopard, and 16 MB for Lion by download, but only 188 KB for Lion via Software Update.

For even more information about the DigiNotar breach, see Joshua Long’s comprehensive article on How to Revoke Trust for DigiNotar Root CA Certs—Even On Older Macs.