Skip to main content

Mac OS X Users Unable to Block DigiNotar SSL Certificates

A bug in Apple’s Mac OS X platform will not allow users to block the SSL certificates issued by DigiNotar, a security company whose servers were hacked last month.

According to an article on PC World, Mac users starting reporting problems after trying to block websites that used the SSL certificates provided by DigiNotar.

Even after users revoke the certificates, some of the websites that use those certificates show up as trustworthy on their Macs.

ComodoHacker compromised the servers of DigiNotar last month, issuing a lot of fake SSL certificates, which trick users into divulging their information on a malicious website carrying a fake SSL certificate.

The problem with Mac, as it was later discovered, is that users are able to revoke the certificates on Mac using Keychain. However, if the users visit a website which uses the Extended Validation Certificates, the certificates will be accepted by Mac, even if they have issued by a company marked as untrusted on Keychain.

Microsoft, Mozilla and Google have all released updates for their web browsers to protect users from the fake SSL attacks, while Apple has yet to comment on the matter.