Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Apple Certificate Trust Policy Update

Published: 2011-09-09
Last Updated: 2011-09-09 21:21:04 UTC
by Guy Bruneau (Version: 2)
2 comment(s)

Apple released a patch to update their certificate trust policy affecting Mac OS X Server 10.6, Mac OS X 10.6, Lion Server, OS X Lion. Using fraudulent certificates operated by DigiNotar, an attacker with enough network privileges could intercept user credentials or sensitive information. Apple recommends applying security update 2011-005, additional information available here and downloaded here.

Update 1: Apple has indicated that iOS users cannot remove the root cert and Apple is aware of the issue.





Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Community SANS SEC 503 coming to Ottawa Sep 2011

Keywords: Apple Certificate
2 comment(s)
Diary Archives