Apple Updates for DigiNotar Hack

Apple has released a security update to address the recent security breach at DigiNotar.  The update, for Mac OS X workstation and server versions 10.6.8 (Snow Leopard) and 10.7.1 (Lion), removes DigiNotar from the list of trusted root certificates, and blocking other derived certificates.  More information is available in the announcement.  You can get the patch via Software Update, or you can download it here.

Adobe Security Updates

Adobe has issued a Prenotification Security Advisory [APSB11-24] for critical security updates to its Reader and Acrobat software for Windows and Mac OS X.  The company plans to release these updates on Tuesday, September 13.  According to the advisory, the following versions of the software for Windows and Macintosh are affected:

• Adobe Reader X (10.1) and earlier 10.x versions
• Adobe Reader 9.4.5 and earlier 9.x versions
• Adobe Acrobat X (10.1) and earlier 10.x versions
• Adobe Acrobat 9.4.5 and earlier 9.x versions
• Adobe Acrobat 8.3 and earlier 8.x versions

In a post yesterday on its “Product Security Incident Response Team” [PSIRT] blog, Adobe has described its response to the security breach at DigiNotar, the Dutch Certificate Authority.

We are in the process of removing the DigiNotar Qualified CA certificate from the Adobe Approved Trust List (AATL) and will post an update on this action tomorrow.

The post also includes instructions for manually removing DigiNotar certificates from Reader and Acrobat (this applies only to versions 9.x and higher of these products).

I will post another note here next Tuesday when the security updates have been released.