16-10-2011, 01:37 AM
DigiNotar root certificates removed from iOS 5
Even since DigiNotar, the Dutch Certificate Authority, got owned in August and hackers issued over 500 fake certificates things have only been going downhill for them.
Apples latest update to iOS 5, rolled out earlier today, addresses over 95 security vulnerabilities affecting a wide range of iOS components. The new version also supports revisions of the TLS protocol, eliminates support for the compromised MD5 algorithm, and notably removes DigiNotar root certificates from its trusted root list.
The Netherlands-based CA company discovered that attackers had issued fraudulent but valid "wildcard" certificates for many of the internet's top sites using its service, including Google and specifically Google's GMail service. It's believed they were working with the iranian government.