Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Apple Finally Pulls the Plug on DigiNotar Certificates, Adobe to Follow

Apple has released an update to address compromised certificates from DigiNotar, more than a week after news of the attack first broke.

Apple has released an update to address compromised certificates from DigiNotar, more than a week after news of the attack first broke.

Apple is the last of the major browser vendors to bounce DigiNotar from its list of trusted root certificates, while Microsoft, Google and Mozilla had already made moves to address the potential threat. The Apple update affects Mac OS X and OS X Server versions 10.6.8 and Lion and Lion Server versions 10.7.1.

“Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar,” Apple wrote in the advisory. “This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar’s certificates, including those issued by other authorities, are not trusted.”

Up until now, Apple has remained quiet on the issue of the certificates, prompting criticism from many in the security community.

“Déjà vu – Remembering the Comodo issue, Apple was nearly a month behind other browser vendors in providing a patch to address the issue for their customers,” Lumension security and forensic analyst Paul Henry complained in Sept. 6 blog post.

For Apple’s part, it has a policy not to disclose, discuss or confirm security issues until a full investigation has finished and any necessary patches or releases are available.

In addition to moves by the major browser vendors, Adobe said it will release an update to remove the DigiNotar Qualified CA from the Adobe Approved Trust List (AATL) Sept. 13 for Adobe Reader and Acrobat X. The update was delayed at the explicit request of the Dutch government, while they explore the implications of this action and prepare their systems for the change.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

Solana co-founder Stephen Akridge has been appointed the CEO of data protection firm Cyber Grant.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.