
Apple patches OS X for DigiNotar threat

Apple released the security update Friday

Apple is rolling out an OS X patch to deal with the DigiNotar threat. DigiNotar will be removed from the list of trusted root certificates.

Apple announced the patch in a security update bulletin. "Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted," stated the bulletin published on Friday.

The patch is available for Mac OS X, Mac OS X Server, OS X Lion and Lion Server. Apple's patch follows the revoking of DigiNotar as a trusted SSL (Secure Sockets Layer) certificate provider by Microsoft on Monday and browser makers Google and Mozilla earlier this month.

"For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available," Apple added to the page detailing the patch. That message is standard practice in Apple's security bulletins.

"It is disturbing that Apple does not communicate about security issues," said Roel Schouwenberg, security researcher at Kaspersky, in a phone interview. Apple keeps users in the dark until there is a patch available. "That is really old-fashioned," said Schouwenberg. Apple is "certainly very late" with the security update, he said.

"We also still don't know what is going on with iOS," Schouwenberg added. It is still unclear whether Apple will revoke certificates on the iPhone or the iPad. The same goes for Google's Android. Schouwenberg called this "very strange."

He pointed out that smartphones are basically computers and that most companies use the phones to handle corporate email. "If they are not releasing updates for mobile phones then that should certainly be substantiated," said Schouwenberg.

Google and Apple did not immediately comment on Friday.

