Friday, April 15, 2011

Apple closes a security hole three weeks after Microsoft

March 15, Comodo, one of the organizations issuing SSL certificates for secure transactions on the internet detected an intrusion on behalf of one of its customers. The author manages to be granted nine licenses for major domain names: google. com, login. yahoo. com, login. live. com, etc.. With these certificates, the attacker could create false websites visually identical to the originals and authenticated them as well and retrieve the IDs of users.

Comodo has quickly responded by revoking the certificates and SSL contacted the publishers of browsers and operating systems so that they too are these fraudulent certificates blacklisted. Microsoft, Google, Mozilla had already done when we publish all our news from March 26. Apple, meanwhile, just plug this security hole through a security update for Mac OS 10.5 and 10.6 (and iOS 4.3.2) released yesterday evening.

Fortunately for Mac users, Comodo monitors the use of revoked certificates.

No comments:

Post a Comment