Apple is the last of the major web browser makers to revoke certificates issued by embattled Dutch-based certificate authority DigiNotar.
In a security advisory released Friday, the Cupertino, Calif.-based computing giant updated Mac OS X 10.6.8 and 10.7.1 to remove DigiNotar from its list of trusted root and extended-validation (EV) SSL certificates. In addition, the patch from Apple configures the Mac platform's default system settings to not trust DigiNotar certificates issued by DigiNotar or any of its partners.
Apple did not, however, release updates for iOS, which powers its iPad and iPhone devices.
Microsoft, Mozilla, Google and Opera already have released updates revoking the DigiNotar certs.
Meanwhile, Adobe said Thursday that it was "in the process of removing the DigiNotar Qualified CA certificate from the Adobe Approved Trust List (AATL)."
And Mozilla, maker of the Firefox browser, is asking all CAs that participate in its root program to audit its PKI infrastructure and systems "to check for intrusion or compromise." In addition, the request, sent Thursday from Kathleen Wilson, owner of Mozilla's CA Certificates Module, asks respondents to ensure that multifactor authentication is in place for all accounts that can issue certificates, as well as confirming that other security controls are deployed.
"Participation in Mozilla's root program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe," the note said. "Nevertheless, we believe that the best approach to safeguard that security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve."
CAs DigiNotar, which is owned by U.S.-based VASCO, and Jersey City, N.J.-based Comodo have fallen victim this year to hacker attacks. The breaches have resulted in the issuance of counterfeit certificates for such high-profile websites as Google.
Almost all of the victims in both incidents appear to live in Iran.
This article originally appeared at scmagazineus.com
Copyright © SC Magazine, US edition
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.