Apple patches OS X for DigiNotar threat

Security update released following criticism over response to stolen SSLs

Apple is rolling out an OS X patch to deal with the DigiNotar fiasco, following criticism last week of its slow response to the security threat posed by a hacker stealing SSL (Secure Sockets Layer) certificates.

Apple announced the patch in a security update bulletin. "Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted," stated the bulletin published on Friday.

The patch is available for Mac OS X, Mac OS X Server, OS X Lion and Lion Server. Apple's patch follows the revoking of DigiNotar as a trusted SSL certificate provider by Microsoft and browser makers Google and Mozilla earlier this month.

"For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available," Apple added to the page detailing the patch. That message is standard practice in Apple's security bulletins.

"It is disturbing that Apple does not communicate about security issues," said Roel Schouwenberg, security researcher at Kaspersky, in a phone interview. Apple keeps users in the dark until there is a patch available. "That is really old-fashioned," said Schouwenberg. Apple is "certainly very late" with the security update, he said.

"We also still don't know what is going on with iOS," Schouwenberg added. It is still unclear whether Apple will revoke certificates on the iPhone or the iPad. The same goes for Google's Android. Schouwenberg called this "very strange."

He pointed out that smartphones are basically computers and that most companies use the phones to handle corporate email. "If they are not releasing updates for mobile phones then that should certainly be substantiated," said Schouwenberg.

Google and Apple did not immediately comment.


