You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: zsero
zsero Author
User level: Level 1
28 points

Security Update 2015-004 broke VeriSign SSL certificates system wide

It's not enough that Security Update 2015-004 did not address the Admin backdoor in 10.8 and 10.9, trying to force people to upgrade to the buggy and instable 10.10 (discussion here: https://news.ycombinator.com/item?id=9347669), it also broke VeriSign SSL certificates system wide.


This has resulted in the following (possibly even more):

- App store app is broken, including the update functionality http://i.imgur.com/U28VC6I.png

- All HTTPS parts of Apple.com website is broken in Chrome and displays a warning in Safari (http://i.imgur.com/XKu8d75.png,http://i.imgur.com/WtCFlG5.png, http://i.imgur.com/dluDG86.png, http://i.imgur.com/iyXkHJl.png, http://i.imgur.com/e8T2qiE.png)

- Twitter.com is totally broken in Chrome (http://i.imgur.com/cymg0OF.png, http://i.imgur.com/08MLCcn.png, http://i.imgur.com/9ijGwNB.png, http://i.imgur.com/G7KYS7E.png)


Now the big questions:

- Will Apple be able to fix this bug, even now that the system wide update functionality is broken? Or they will have to ask millions of users to please download a patch and run it on all systems?
- What has happened to the OS X software quality control in the recent years?

- How will enterprise customers and stability preferring professionals react to not including the Admin backdoor fix for 10.8 and 10.9?


// related forum thread: app store unavailable following security update 2015-004 (Mavericks)

MacBook Pro (Retina, 15-inch, Late 2013), OS X Mavericks (10.9.5), null

Posted on Apr 12, 2015 5:48 AM

Reply
6 replies
User profile for user: goestaberlin
goestaberlin
User level: Level 1
4 points

Apr 15, 2015 2:50 AM in response to zsero

I'm with you. I'd happily take a patch at this point, if only Apple took a stand rather than shirking, yet again, any responsibility behind the Wall of Silence. This effectively broke my mom's computer (Macbook Pro 13", OS 10.8.5), who is 350km away in a town without an Apple service provider. She can't access her bank now, and of course she hasn't got a time machine backup pre-security update. Well done, Apple.

Reply
User profile for user: CarbonDesign2171
CarbonDesign2171
User level: Level 1
0 points

Apr 21, 2015 5:29 PM in response to goestaberlin

Ive been fighting with this issue for two weeks. and i basically gave up and did this. its a reinstall of the OS X version your currently on. all you need is a connection to the internet and 1-3 hours based on the computers performance and internet. IT WILL NOT DELETE OR CHANGE ANYTHING. all her pics, setting, prefs, etc... will still be the exact same.

Step one: shut down your moms computer.

Step two: IMMEDIATELY after hitting the power button Hold "command" and "R" at the same time. do this until you see the apple symbol appear on the screen. then you can let go.

Step three: of the four or five options it gives your going to pick the "reinstall OSX" option.

Step four: its going to ask for her apple ID and password for the computer. give it these things then let it do its thing. make sure you have it connected to power and that its got internet and it will do the rest.

Step five: once its done you'll be back to where you were before the most recent set of updates. (no security 2015-004 1.0) so all you have to do now is tell her to NOT UPDATE THE SECURITY until apple gets this thing figured out.


when i called them about this they had no clue it was an issue, and i was on the phone with a senior tech for 2 hours and got now where with the issue. the community on here is saying to delete certain sets of security certificates but when i did that it didn't work for me but its seems to work for most people.


hope that gives you a temporary solution for you and your mother sir.

Reply
User profile for user: Ted Thibodeau Jr
Ted Thibodeau Jr
User level: Level 1
5 points

Apr 21, 2015 8:20 PM in response to zsero

Still an issue for me...


Tonight, Message Center announced there was an update waiting -- and when I went in to Software Update…, it displayed correctly!


And when I clicked update, it prompted for AppleID and password, for which ... connection failed.


So no AppStore updates nor new apps can be installed.


I'm astonished this is still going on more than a week later!

Reply
User profile for user: Ted Thibodeau Jr
Ted Thibodeau Jr
User level: Level 1
5 points

May 4, 2015 8:01 PM in response to Ted Thibodeau Jr

Solved! At last!


I cannot say exactly which step was the key, so here are most of the steps I took. Hopefully this helps someone.



1. Took the steps in Invalid or incorrect Certificates including reboot.
2. Took the steps in Edit your Keychain including reboot.
3. Downloaded and manually reinstalled Security Update 2015-004.

4. Repaired permissions and directories with Recovery reboot.

5. Took the steps in Invalid or incorrect Certificates including reboot.

6. Took the steps in Edit your Keychain including reboot.


I've gone through some of these steps multiple times, just hoping it would work that time...


Today -- when I went into Mail.app, it whined about the certs for me.com servers -- so I made *that* always trusted. And this time, iTunes.app didn't complain about any certs! And this time, Software Update.app didn't complain about any certs! And it successfully applied the three-week delayed updates!


So I'm hoping it's all done and done. OMG, frustrating along the way!

Reply
User profile for user: AppDevelopment
AppDevelopment
User level: Level 1
8 points

Oct 14, 2015 2:58 PM in response to Ted Thibodeau Jr

tired of the bull ****


I believe the biggest problem here is the (incorrect) notion that the certificate is invalid.


I own several servers on a rack over at the planet, I run 4000 domain websites, (there is no way I am paying high prices for a (authority) SSL certificate when I can produce my own perfectly valid, (yes valid) SSL certificate, since I am the only one using the certificate it should not be a problem.


My question here is why is this a problem for APPLE...


(is it possible that APPLE, owns some of these "authority" Signed Services?


Seriously, IF I am using my own server and I am connecting my own computer and both SSL certificates originated from my one computer.


WHY is apple so worried about what might happen?


(What I did to solve this issue?) Simple I stopped using MAIL.APP


Should I stop using Apple as well, ? Tell me I hear Linux is quite nice and does not have this problem at all and its FREE...


(also don't preach to me about freedom, when I spend hours of my time on trying to fix a programming hang issue, Its not FREE)

Reply

Security Update 2015-004 broke VeriSign SSL certificates system wide

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up