Mac OS X Fraudulent Digital Certificates (Security Update 2011-002)

medium Nessus Plugin ID 53412

Synopsis

The remote host is missing a Mac OS X update that fixes a security issue.

Description

The remote host is running a version of Mac OS X 10.6 or 10.5 that does not have Security Update 2011-002 applied.

A certificate authority (CA) has revoked a number of fraudulent SSL certificates for several prominent, public websites. Without this update, browsers will be unable to learn that the certificates have been revoked if either Online Certificate Status Protocol (OCSP) is disabled, or OCSP is enabled and fails.

If an attacker can trick someone into using the affected browser and visiting a malicious site using one of the fraudulent certificates, he may be able to fool that user into believing the site is a legitimate one. In turn, the user could send credentials to the malicious site or download and install applications.

Solution

Install Security Update 2011-002 or later.

See Also

http://support.apple.com/kb/HT4608

http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

http://lists.apple.com/archives/security-announce/2011/Apr/msg00003.html

Plugin Details

Severity: Medium

ID: 53412

File Name: macosx_SecUpd2011-002.nasl

Version: 1.5

Type: local

Agent: macosx

Published: 4/14/2011

Updated: 5/28/2024

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x:10.5, cpe:/o:apple:mac_os_x:10.6

Required KB Items: Host/uname, Host/MacOSX/packages

Patch Publication Date: 4/14/2011

Vulnerability Publication Date: 3/22/2011