Security & Privacy

Apple has released Mac OS X 10.7.3, the latest update to Mac OS X 10.7 Lion. This update patches more than 50 vulnerabilities, from Apache to X11, and includes a number of updates to PHP, QuickTime and more. It also protects against some bogus certificates, issued to DigiCert Malaysia:

Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia’s certificates are not trusted.

These fixes are included in the overall 10.7.3 update, and a separate security update, Security Update 2012-001, is available for Mac OS X 10.6.8. Users can download the updates via Software Update, or from Apple’s Downloads page.

For more information about these updates, see this document.