6 Replies Latest reply: Nov 8, 2013 10:01 PM by Rob10041
ds store Level 7 Level 7 (30,305 points)

In September 2011 Apple pulled the DigiNotar Root Certificates on Mac's with a Security Update for 10.6 and 10.7 machines, they haven't issued a update for 10.5 machines.

 

However Apple did release updates for iTunes and QuickTime for 10.5, 10.6 and 10.7.

 

What this means is if you visit a secure site or download software thinking it's from a secure site, it might be using one of the compromised certificates and compromise your machine or your vital information.

 

You'll have to pull these compromised certificates yourself manually in Keychain Access.

 

How to go about this precisely I can't tell you as I'm on Snow Leopard 10.6 and don't have a need to pull any root level certificates, sure someone can tell you how to go about the process.

 

Another method is fresh install & upgrade to 10.6, if you have a Intel based Mac that is.

 

Snow Leopard is much faster than Leopard it seems (using fresh install & upgrade), strips out PPC code and it gets video card speed improvements, I've tested the difference on just one machine though. It's a notable difference.

 

My advice is unless you have a 2011 machine or later, with 4GB of RAM, to leave Lion for a new machine. It will run on a Intel Core 2 Duo or later, just not as fast or perhaps as well as Snow Leopard will, and no Rosetta neither, like what Snow Leopard has.

 

 

 

You can read more of the DigiNotar compromise.

 

https://en.wikipedia.org/wiki/DigiNotar


MacBook Pro, Mac OS X (10.6.8), 17" i7, XP, Vista, 7, Linux(s)
  • 1. Re: Warning! Pull DigiNotar Root Certs!
    BDAqua Level 10 Level 10 (116,480 points)

    How to get rid of DigiNotar digital certificates from OS X...

     

    http://www.tuaw.com/2011/09/01/how-to-get-rid-of-diginotar-digital-certificates- from-os-x/

  • 2. Re: Warning! Pull DigiNotar Root Certs!
    ds store Level 7 Level 7 (30,305 points)

    Ah, thanks there  BD.

     

     

    Edit, dam BD, I meant to give you the greenie.

  • 3. Re: Warning! Pull DigiNotar Root Certs!
    BDAqua Level 10 Level 10 (116,480 points)

    Thanks, for the post & helpful.

  • 4. Re: Warning! Pull DigiNotar Root Certs!
    ds store Level 7 Level 7 (30,305 points)

    Hey, two wrongs make a right in this case!

  • 5. Re: Warning! Pull DigiNotar Root Certs!
    BDAqua Level 10 Level 10 (116,480 points)

     

  • 6. Re: Warning! Pull DigiNotar Root Certs!
    Rob10041 Level 1 Level 1 (0 points)

    Thanks so much ds store for pointing out a very important, oversight.

     

    I thought it was me, and it usually is. But I have noticed that there are root certificates that are listed as "untrustworthy". Why are they there? And your point is much more troubling in that an Apple provided root certificate listed as trustworthy is not.

     

    Since Apple provide's through their product's pre-loaded root certificate's why would there be less concern for client's who have older products,OS's, etc?  (I'm talking about a company with enough cash to buy, anything... And do perhaps much more. I have NO problem with that.)

     

    I have noticed, much less interest in those who do not have the latest product, OS etc. I must mention, all my personal contact with Apple, including phone support has always been professional, and courteous. It seems more a corporate, or more specificly a corporate marketing/sales mind set. Frankly, I'm not someone who gets p***** off about most things, lifes to short. When it comes to security issues, most certainly thing's I have no control over, like root certificate's.

     

    If they are not up-to-date, customers would never know what you pointed out, In the case you mentioned to be polite, seems an indifferent disregard for those not having the latest, coolest stuff. Why doesn't Apple dry clean root certificate's applicable for all their product's? Certainly for Apple, it would be a very straight forward process to scan and update them, perhaps for ALL their product's?