2011-04-14
Nyhet

Safari, Leopard och Snow Leopard uppdateras

Under dagen har Apple släppt säkerhetsuppdateringen Security Update 2011-002 till Snow Leopard, Snow Leopard Server och gamla Leopard Server och klient. Vad paketet innehåller?

Security Update 2011-002 is recommended for all users and improves the security of Mac OS X.

Lite grävande har dock gett vid handen att det är ett problem med certifikathanteringen som gjort att inte bara operativsytem utan också Safari uppdaterats till version 5.0.5:

Security Update 2011-002

Certificate Trust Policy

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.7, Mac OS X Server v10.6.7

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: Several fraudulent SSL certificates were issued by a Comodo affiliate registration authority. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue is addressed by blacklisting the fraudulent certificates.

Note: For iOS, this issue is addressed with iOS 4.3.2 and iOS 4.2.7. For Windows systems, Safari relies on the certificate store of the host operating system to determine if an SSL server certificate is trustworthy. Applying the update described in Microsoft Knowledge Base Article 2524375 will cause Safari to regard these certificates as untrusted. The article is available at http://support.microsoft.com/kb/2524375

Bra grej är att uppdatera med andra ord.



© 2018 Omsoc Publishing AB