Apple releases Mac OS X Security Update 2011-005 to stop certificate fraudApple on Friday issued a security update for Mac OS X 10.7 Lion and 10.6 Snow Leopard, addressing a security issue related to fraudulent online certificates.
Security Update 2011-005 is available to download via Software Update, or as a 15.59MB download for Lion, or 869KB download for Snow Leopard direct from Apple. It is recommended for all Mac users.
The update addresses an issue that could allow an attacker with a privileged network position to intercept user credentials or other sensitive information.
Apple issued the update because fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. Apple's fix removes DigiNotar from the list of trusted root certificates and from the list of Extended Validation (EV) certificate authorities.
The security update also configures the default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not viewed as trusted.
Another update was also issued by Apple on Thursday for Lexmark printers in the form of Lexmark 2.6 Printer Driver. It includes the latest Lexmark printing and scanning software for both Lion and Snow Leopard, and the 133.99MB update can be downloaded direct from Apple.