Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Apple Finally Pulls the Plug on DigiNotar Certificates, Adobe to Follow

Apple has released an update to address compromised certificates from DigiNotar, more than a week after news of the attack first broke.

Apple has released an update to address compromised certificates from DigiNotar, more than a week after news of the attack first broke.

Apple is the last of the major browser vendors to bounce DigiNotar from its list of trusted root certificates, while Microsoft, Google and Mozilla had already made moves to address the potential threat. The Apple update affects Mac OS X and OS X Server versions 10.6.8 and Lion and Lion Server versions 10.7.1.

“Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar,” Apple wrote in the advisory. “This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar’s certificates, including those issued by other authorities, are not trusted.”

Up until now, Apple has remained quiet on the issue of the certificates, prompting criticism from many in the security community.

“Déjà vu – Remembering the Comodo issue, Apple was nearly a month behind other browser vendors in providing a patch to address the issue for their customers,” Lumension security and forensic analyst Paul Henry complained in Sept. 6 blog post.

For Apple’s part, it has a policy not to disclose, discuss or confirm security issues until a full investigation has finished and any necessary patches or releases are available.

In addition to moves by the major browser vendors, Adobe said it will release an update to remove the DigiNotar Qualified CA from the Adobe Approved Trust List (AATL) Sept. 13 for Adobe Reader and Acrobat X. The update was delayed at the explicit request of the Dutch government, while they explore the implications of this action and prepare their systems for the change.

Written By

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...