Apple revokes DigitNotar certs

Powered by SC Magazine
 

But iOS still vulnerable.

Apple is the last of the major web browser makers to revoke certificates issued by embattled Dutch-based certificate authority DigiNotar.

In a security advisory released Friday, the Cupertino, Calif.-based computing giant updated Mac OS X 10.6.8 and 10.7.1 to remove DigiNotar from its list of trusted root and extended-validation (EV) SSL certificates. In addition, the patch from Apple configures the Mac platform's default system settings to not trust DigiNotar certificates issued by DigiNotar or any of its partners.

Apple did not, however, release updates for iOS, which powers its iPad and iPhone devices.

Microsoft, Mozilla, Google and Opera already have released updates revoking the DigiNotar certs.

Meanwhile, Adobe said Thursday that it was "in the process of removing the DigiNotar Qualified CA certificate from the Adobe Approved Trust List (AATL)."

And Mozilla, maker of the Firefox browser, is asking all CAs that participate in its root program to audit its PKI infrastructure and systems "to check for intrusion or compromise." In addition, the request, sent Thursday from Kathleen Wilson, owner of Mozilla's CA Certificates Module, asks respondents to ensure that multifactor authentication is in place for all accounts that can issue certificates, as well as confirming that other security controls are deployed.

"Participation in Mozilla's root program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe," the note said. "Nevertheless, we believe that the best approach to safeguard that security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve."

CAs DigiNotar, which is owned by U.S.-based VASCO, and Jersey City, N.J.-based Comodo have fallen victim this year to hacker attacks. The breaches have resulted in the issuance of counterfeit certificates for such high-profile websites as Google.

Almost all of the victims in both incidents appear to live in Iran.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Apple revokes DigitNotar certs
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1071

Vote