Apple has released Security Update 2011-005 for Lion and Snow Leopard via its Software Update utility and as a direct download from its website. The update is recommended for all users and improves the security of Mac OS X. It also addresses a specific security issue with fraudulent certificates from DigiNotar, and the release includes versions for Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion 10.7.1, and Lion Server 10.7.1.
Apple issued the security update for Mac OS X 10.7 Lion and 10.6 Snow Leopard to address a security issue related to fraudulent online certificates. Apple details the update by explaining how the certificates could allow an attack that intercepts the personal information of a website’s visitors:
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar’s certificates, including those issued by other authorities, are not trusted.
The security update also configures the default system trust settings so that DigiNotar’s certificates, including those issued by other authorities, are not viewed as trusted. The issues began when DigiNotar’s servers began issuing compromised certificates late last month after their server was hacked. In all, 531 forged certificates were issued, with sites like the CIA, Yahoo, Twitter, Facebook, WordPress, Microsoft Live and Apple among them. The issue was caused by a single attacker, who labels himself a hacktivist and goes by the name ComodoHacker. You can find the update in Software Update as a 188KB download for Lion, and it should be similarly small for Snow Leopard users.
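The trust change described above has two parts: removing the DigiNotar root, and explicitly distrusting DigiNotar certificates that chain to other authorities. The sketch below is an added example, not Apple's code, and shows why the first part alone is not enough. It is a toy model that compares names only and checks no signatures, and every certificate name other than the "DigiNotar" label is constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str  # subject name of the certificate that signed this one

# Constructed sample data: every name except the "DigiNotar" label is made up.
CERTS = {c.subject: c for c in [
    Cert("DigiNotar Root CA", "DigiNotar Root CA"),
    Cert("Example Other Root CA", "Example Other Root CA"),
    # A DigiNotar intermediate certified by a different authority.
    Cert("DigiNotar Intermediate CA", "Example Other Root CA"),
    Cert("mail.example.net", "DigiNotar Root CA"),
    Cert("login.example.com", "DigiNotar Intermediate CA"),
    Cert("shop.example.org", "Example Other Root CA"),
]}

ROOTS_BEFORE = {"DigiNotar Root CA", "Example Other Root CA"}
ROOTS_AFTER = ROOTS_BEFORE - {"DigiNotar Root CA"}  # root removed from the store
DISTRUSTED = ("diginotar",)  # explicit distrust, matched on subject name

def build_chain(leaf):
    """Follow issuer links from the leaf up to a self-signed certificate."""
    chain, cert = [], CERTS[leaf]
    while len(chain) < 10:  # guard against issuer loops
        chain.append(cert)
        if cert.issuer == cert.subject:
            return chain
        cert = CERTS[cert.issuer]
    raise ValueError("chain too long")

def is_trusted(leaf, roots, distrusted=()):
    """Toy path validation: names only, signatures are not checked."""
    chain = build_chain(leaf)
    # Explicit distrust overrides any path that would otherwise validate.
    if any(d in c.subject.lower() for c in chain for d in distrusted):
        return False
    return chain[-1].subject in roots

if __name__ == "__main__":
    for leaf in ("mail.example.net", "login.example.com", "shop.example.org"):
        print(leaf, is_trusted(leaf, ROOTS_BEFORE), is_trusted(leaf, ROOTS_AFTER),
              is_trusted(leaf, ROOTS_AFTER, DISTRUSTED))
```

With the root removed but no explicit distrust, `login.example.com` still validates through the other root; only the distrust rule rejects it while leaving `shop.example.org` unaffected.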
Available updates include: