We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Apple patches OS X for DigiNotar threat

Apple released the security update Friday

Apple is rolling out an OS X patch to deal with the DigiNotar threat. DigiNotar will be removed from the list of trusted root certificates.

Apple announced the patch in a security update bulletin. "Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted," stated the bulletin published on Friday.

The patch is available for Mac OS X, Mac OS X Server, OS X Lion and Lion Server. Apple's patch follows the revoking of DigiNotar as a trusted SSL (Secure Sockets Layer) certificate provider by Microsoft on Monday and browser makers Google and Mozilla earlier this month.

"For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available," Apple added to the page detailing the patch. That message is standard practice in Apple's security bulletins.

"It is disturbing that Apple does not communicate about security issues," said Roel Schouwenberg, security researcher at Kaspersky, in a phone interview. Apple keeps users in the dark until there is a patch available. "That is really old-fashioned," said Schouwenberg. Apple is "certainly very late" with the security update, he said.

"We also still don't know what is going on with iOS," Schouwenberg added. It is still unclear whether Apple will revoke certificates on the iPhone or the iPad. The same goes for Google's Android. Schouwenberg called this "very strange."

He pointed out that smartphones are basically computers and that most companies use the phones to handle corporate email. "If they are not releasing updates for mobile phones then that should certainly be substantiated," said Schouwenberg.

Google and Apple did not immediately comment on Friday.


IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 off Retina iMac with new model