Apple finally blocks untrusted DigiNotar SSL certificates in Mac OS X

It's taken Apple two weeks, but finally the company has issued a patch for Mac OS X to block DigiNotar from the list of trusted root certificates and from the list of Extended Validation (EV) certificate authorities.

DigiNotar is one out of  hundreds of firms that are authorized to issue digital certificates used to verify the identity of a website. On August 30 the company announced that its servers had been compromised and that fake certificates might have leaked into the wild.

Here are the updates:

• Security Update 2011-005 (Snow Leopard) - 864KB
• Security Update 2011-005 (Lion) - 15.59MB

Additional information here:

Certificate Trust Policy

Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.1, Lion Server v10.7.1

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted.

Apple has yet to offer a patch to protect iOS users from fraudulent DigiNotar certificates.

Time to run Software Updates on your Macs!