New Apple Security Update Deals with Certificate Fraud
Posted by zduncan | Posted in Computer | Posted on 09-09-2011
Tags: Apple, Apple Security Update, Lion, Mac OS X, Mac OS X 10.6, Mac OS X 10.6 Snow Leopard, Mac OS X 10.7, Mac OS X 10.7 Lion, Mac OS X Lion, Mac OS X Snow Leopard, Security Update 2011-005, Snow Leopard
0
Apple issued a security update on Friday for the Mac OS X 10.7 Lion and Mac OS X 10.6 Snow Leopard operating systems. This update, according to Apple, was designed to address a security issue that was related to fraudulent online certificates.
Known as Security Update 2011-005, this update is now available to download through a software update or as a 15.59MB download for Mac OS X 10.7 Lion. Only an 869KB download is required for users downloading the update for Mac OS X 10.6 Snow Leopard. As far as Apple is concerned, the update is strongly recommended for any and all Mac users.
The Security Update 2011-005 addresses an issue that could potentially allow a computer hacker with a privileged network position to intercept the credentials of other users or even steal sensitive data and information like user IDs, passwords or other, more personal information.
Apple sent out the update in response to fraudulent certificates that were issued by multiple certificate authorities operated by DigiNotar. More on that story can be found here. Apple’s update does, however, remove DigiNotar from the list of trusted root certificates and also from the list of Extended Validation (EV) certificate authorities.
In addition to all of that, the security update also configures the default system trust settings so that DigiNotar’s certificates, including all of those that were issued by other authorities, are not viewed as trusted.
Another update was also sent out by Apple on Thursday for Lexmark printers. This update, known as Lexmark 2.6 Printer Driver, includes the latest Lexmark printing and scanning software required for both Mac OS X 10.7 Lion and Mac OS X 10.6 Snow Leopard. The 133.99MB update for that can also be downloaded directly from Apple as well.
Source: Apple Insider – Apple releases Mac OS X Security Update 2011-005 to stop certificate fraud