OS X latest update deletes Avast! trusted CA cert?

[specimen9999]

After updating 10.6.8 with the latest Security Update and rebooting, Mail.app asked me to trust a cert to connect to gmail, which I found strange, looked in the Keychain and I found that the Avast! Trusted CA was gone.

[specimen9999]

http://support.apple.com/kb/HT5672

"CVE-2013-0156

Security

Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: Several intermediate CA certificates were mistakenly issued by TURKTRUST. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue was addressed by not allowing the incorrect SSL certificates."

[jimmueller]

http://support.apple.com/kb/HT5672

"CVE-2013-0156

Security

Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: Several intermediate CA certificates were mistakenly issued by TURKTRUST. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue was addressed by not allowing the incorrect SSL certificates."

I just applied the SL Security update and Mail now says it can't verify the identity for gmail, verizon and me.com. Did not realize Avast took over Mail's security certificates. Does not leave me with a warm & fuzzy feeling.
Attached screenshot of alert.

[specimen9999]

I just applied the SL Security update and Mail now says it can't verify the identity for gmail, verizon and me.com. Did not realize Avast took over Mail's security certificates. Does not leave me with a warm & fuzzy feeling.
Attached screenshot of alert.

It doesn't take over, it installs a root authority cert, it opens up the connections and unencrypts mails so it can scan for viruses and then re-encrypts and signs with this avast trusted cert.

For some reason, the latest OS X update deletes this cert. Uninstalling and reinstalling avast fixes the issue (installs the cert), but avast should consider another fix that doesn't require uninstalling.

[specimen9999]

Apparently there's a new avast build to fix this. And avast was rather sneaky about it, they didn't even replied to this topic. (:

[mity]

Sorry for not replying earlier. We were really busy to make the update to fix it ASAP. Thanks to you and other people who reported the issue.

Best regards
Mity

[claudinek]

Hmm. Uninstalling and reinstalling Avast7.0 39141 did apparently NOT fix this for me.

Where can I get that CA cert?

[tumic]

Hmm. Uninstalling and reinstalling Avast7.0 39141 did apparently NOT fix this for me.

Where can I get that CA cert?

A simple reboot should be sufficient for fixing the missing certificate, when it is deleted by an Apple
security update. An uninstall/install procedure should work as well of course. If it does not work,
something went wrong when installing/uninstalling avast!.

Either there is no "avast! trusted CA" certificate in your system roots keychain, or there is an old
one not consistent with the one the web/mail shield is actualy using. The original certificate
file is located at /Library/Application Support/Avast/config/certs/cacert.pem, but importing it
to the system roots keychain is a little bit tricky, as it can not be done using the Keychain Access
utility (the security CLI tool must be used to do so).