Mac OS X Fraudulent Digital Certificates (Security Update 2011-002)

Severity: Medium | Nessus Plugin ID 53412

Synopsis

The remote host is missing a Mac OS X update that fixes a security issue.

Description

The remote host is running a version of Mac OS X 10.6 or 10.5 that does not have Security Update 2011-002 applied.

A certificate authority (CA) has revoked a number of fraudulent SSL certificates issued for several prominent public websites. Without this update, browsers will be unable to learn that the certificates have been revoked if the Online Certificate Status Protocol (OCSP) is disabled, or if OCSP is enabled but the status check fails.

If an attacker can trick someone into using the affected browser and visiting a malicious site using one of the fraudulent certificates, he may be able to fool that user into believing the site is a legitimate one. In turn, the user could send credentials to the malicious site or download and install applications.

Solution

Install Security Update 2011-002 or later.

See Also

http://support.apple.com/kb/HT4608

http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

http://lists.apple.com/archives/security-announce/2011/Apr/msg00003.html

Plugin Details

Severity: Medium

ID: 53412

File Name: macosx_SecUpd2011-002.nasl

Version: 1.4

Type: local

Agent: macosx

Published: 4/14/2011

Updated: 2/6/2012

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Required KB Items: Host/uname, Host/MacOSX/packages

Patch Publication Date: 4/14/2011

Vulnerability Publication Date: 3/22/2011