Apple today released Security Update 2011-005 (Lion) and Security Update 2011-005 (Snow Leopard) which are both recommended for all users and improves the security of Mac OS X.
Both updates are available via Software Update and also as standalone installers.
More info and download links:
• Security Update 2011-005 (Lion)
• Security Update 2011-005 (Snow Leopard)
For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222
So a day after a security firm bashes apple for not updating the ssl certificates… Apple updates.
I assume the update was already in the works yesterday.
That’s not entirely fair. The criticism was that there is a flaw in OS X, so that certain certificates that a user has already marked ‘untrusted’ may still be considered valid. The release notes of the security update only mention DigiNotar and not this broader issue. This suggests that if another such incident were to occur, we’d be waiting days for another security update from Apple.
The attack on apple i memtioned WAS about the diginotar attack.
They said that google ms Mozilla etc already patched the certificates, apple has not.
This is what the update does.
Maybe slashdot will shutup now too…
A week and change late, Apple is releasing an update to kill off the DigiNotar certs. But it’s only for 3/4 of its userbase. The rest of us millions, that use Leopard or Tiger, are left with this security hole. Nice. And Apple wonders why the biz market doesn’t take them seriously.
Beter late than never, but Microsoft had the Diginotar fix last week……