Apple releases Security Update to block hacked Web certificates

Apple on Friday released Security Update 2011-005, which addresses fraudulent Web security certificates issued by a recently-hacked Dutch certificate authority DigiNotar.

The update, available for both Snow Leopard and Lion, offers Mac users protection from sites that could falsely claim to be trustworthy. The breach allowed hackers to issue bogus digital certificates, files that your Web browser uses when you make secure (HTTPS) connections.

The Security Update addresses the issue by removing DigiNotar from your Mac’s list of trusted root certificates and the list of Extended Validation certificate authorities. The update also configures default system trust settings so that DigiNotar’s certificates—including those it issues through other authorities—aren’t trusted.

You can install the Security Update through Software Update, or download the Lion or Snow Leopard updates directly from Apple’s website.

Subscribe to the Help Desk Newsletter

Comments