A fraudulent SSL certificate has been issued for some public Web sites belonging to Google by the certificate authority DigiNotar. Although DigiNotar has now revoked the fraudulent certificate, which should protect most users, it’s conceivable that users on a compromised network could be fooled into using a fraudulent Web site masquerading as a Google service. Because the extent of the problem isn’t yet clear, Mozilla has released Firefox 6.0.1 (along with updates to all other currently supported Mozilla software) to revoke trust in the DigiNotar root certificate, which you can also disable manually. There are no other changes, but it’s worth getting the update to avoid potential problems related to the fraudulent certificate. (Free, 28.1 MB, release notes)
Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.