“Following a Mozilla-led investigation that found multiple problems in the SSL certificate issuance process of WoSign, a China-based certificate authority, Apple will make modifications to the iOS and macOS to block future certificates issued by the company,” Lucian Constantin reports for IDG News Service.
“Although there is no WoSign root certificate in Apple’s trusted certificate store, a WoSign intermediate CA certificate is cross-signed by two other CAs that Apple trusts: StartCom and Comodo,” Constantin reports. “This means that until now Apple products have automatically trusted certificates issued through the WoSign intermediate CA.”
Constantin reports, “Because WoSign experienced multiple control failures in their certificate issuance processes for the WoSign CA Free SSL Certificate G2 intermediate CA, ‘we are taking action to protect users in an upcoming security update,’ Apple said in support notes for both iOS and macOS. ‘Apple products will no longer trust the WoSign CA Free SSL Certificate G2 intermediate CA.'”
Read more in the full article here.
MacDailyNews Take: At Apple, security is paramount.
It is about time. The Chinese Government will use anything to infiltrate the rest of the world.
Ha! Like the NSA does?
Come on! The US government must not be the only one entitled to infiltrate the rest of the world.
Google is scrambling to scoop that certificate up.
Good. Never trust those slimy bastards and that communist country.
Old rumor I heard long ago was that Lenovo computers now have back doors for the Chinese government.
No proof that I know of. Who knows, maybe the same can be said for Windows 10 and the NSA.
We just don’t know anymore.
It’s not a rumor. Many of the computers our government agencies purchase are firmware root kitted. Which means they remain compromised even after wiping the OS and formatting the drive, the kind of thing off-the-shelf antivirus can NOT deal with. And it’s been going on for several years at least. Not sure how the government is responding to it, but I sincerely doubt they have the tools and manpower to ensure that all departments and agencies are properly protected.
now let’s block all chinese IP addresses
The company should change its name to “WhoaSign”….