Author Topic: OS X latest update deletes Avast! trusted CA cert?  (Read 7602 times)

0 Members and 1 Guest are viewing this topic.

Offline specimen9999

  • Sr. Member
  • ****
  • Posts: 349
OS X latest update deletes Avast! trusted CA cert?
« on: March 15, 2013, 03:54:42 AM »
After updating 10.6.8 with the latest Security Update and rebooting, Mail.app asked me to trust a cert to connect to gmail, which I found strange, looked in the Keychain and I found that the Avast! Trusted CA was gone.

Offline specimen9999

  • Sr. Member
  • ****
  • Posts: 349
Re: OS X latest update deletes Avast! trusted CA cert?
« Reply #1 on: March 15, 2013, 04:07:08 AM »
http://support.apple.com/kb/HT5672

"CVE-2013-0156

Security

Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: Several intermediate CA certificates were mistakenly issued by TURKTRUST. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue was addressed by not allowing the incorrect SSL certificates."

Offline jimmueller

  • Newbie
  • *
  • Posts: 9
Re: OS X latest update deletes Avast! trusted CA cert?
« Reply #2 on: March 15, 2013, 01:25:26 PM »
http://support.apple.com/kb/HT5672

"CVE-2013-0156

Security

Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: Several intermediate CA certificates were mistakenly issued by TURKTRUST. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue was addressed by not allowing the incorrect SSL certificates."
I just applied the SL Security update and Mail now says it can't verify the identity for gmail, verizon and me.com. Did not realize Avast took over Mail's security certificates. Does not leave me with a warm & fuzzy feeling.
Attached screenshot of alert.

Offline specimen9999

  • Sr. Member
  • ****
  • Posts: 349
Re: OS X latest update deletes Avast! trusted CA cert?
« Reply #3 on: March 15, 2013, 02:33:47 PM »
I just applied the SL Security update and Mail now says it can't verify the identity for gmail, verizon and me.com. Did not realize Avast took over Mail's security certificates. Does not leave me with a warm & fuzzy feeling.
Attached screenshot of alert.

It doesn't take over, it installs a root authority cert, it opens up the connections and unencrypts mails so it can scan for viruses and then re-encrypts and signs with this avast trusted cert.

For some reason, the latest OS X update deletes this cert. Uninstalling and reinstalling avast fixes the issue (installs the cert), but avast should consider another fix that doesn't require uninstalling.
« Last Edit: March 15, 2013, 02:48:23 PM by specimen9999 »

Offline specimen9999

  • Sr. Member
  • ****
  • Posts: 349
Re: OS X latest update deletes Avast! trusted CA cert?
« Reply #4 on: March 15, 2013, 07:51:07 PM »
Apparently there's a new avast build to fix this. And avast was rather sneaky about it, they didn't even replied to this topic. (:
« Last Edit: March 15, 2013, 08:36:28 PM by specimen9999 »

Offline mity

  • Avast team
  • Full Member
  • *
  • Posts: 149
Re: OS X latest update deletes Avast! trusted CA cert?
« Reply #5 on: March 18, 2013, 11:00:46 AM »
Sorry for not replying earlier. We were really busy to make the update to fix it ASAP. Thanks to you and other people who reported the issue.

Best regards
Mity

Offline claudinek

  • Newbie
  • *
  • Posts: 4
Re: OS X latest update deletes Avast! trusted CA cert?
« Reply #6 on: July 23, 2013, 05:15:56 AM »
Hmm. Uninstalling and reinstalling Avast7.0 39141 did apparently NOT fix this for me.

Where can I get that CA cert?

Offline tumic

  • Moderator
  • Advanced Poster
  • *
  • Posts: 724
Re: OS X latest update deletes Avast! trusted CA cert?
« Reply #7 on: July 23, 2013, 11:56:14 AM »
Hmm. Uninstalling and reinstalling Avast7.0 39141 did apparently NOT fix this for me.

Where can I get that CA cert?

A simple reboot should be sufficient for fixing the missing certificate, when it is deleted by an Apple
security update. An uninstall/install procedure should work as well of course. If it does not work,
something went wrong when installing/uninstalling avast!.

Either there is no "avast! trusted CA" certificate in your system roots keychain, or there is an old
one not consistent with the one the web/mail shield is actualy using. The original certificate
file is located at /Library/Application Support/Avast/config/certs/cacert.pem, but importing it
to the system roots keychain is a little bit tricky, as it can not be done using the Keychain Access
utility (the security CLI tool must be used to do so).