This week's sponsor

HabitMinder

The Healthy Habit Reminder and Tracker


Security Update 2011-005 Released, Addresses DigiNotar Certificates

Earlier this afternoon Apple released two security updates for OS X Lion and 10.6.8 Snow Leopard to address an issue with compromised digital certificates issued by DigiNotar weeks ago.

Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.1, Lion Server v10.7.1

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted.

The updates are available on Software Update, or directly on Apple's Downloads website. DigiNotar's servers were hacked last month, and began issuing false certificates, leading to security concerns among several companies. As Apple also notes, it was possible to remove the certificates manually by deleting the root entries in Keychain Access.

Direct links:

Security Update 2011-005 (Lion)

Security Update 2011-005 (Snow Leopard)

Unlock MacStories Extras

Club MacStories offers exclusive access to extra MacStories content, delivered every week; it's also a way to support us directly.

Club MacStories will help you discover the best apps for your devices and get the most out of your iPhone, iPad, and Mac. Plus, it's made in Italy.

Starting at $5/month, with an annual option available. Join the Club.

A Club MacStories membership includes:

  • MacStories Weekly newsletter, delivered every week on Friday with app collections, tips, iOS workflows, and more;
  • Monthly Log newsletter, delivered once every month with behind-the-scenes stories, app notes, personal journals, and more;
  • Access to occasional giveaways, discounts, and free downloads.