Good find. Though note that the release note mentions "less than 1024 bits". I wonder if that is a typo and they meant "1024 bits or less".
Javier Henderson
[email protected]
+1 919 574 5032

On May 15, 2012, at 11:12 AM, Mike King <[email protected]> wrote:

> I did find a reference to this being a bug fix in 10.7.4
>
> Lots of companies are deprecating certificate support for certificates that
> are less than 2048 bits. I wonder if Apple has just handled this really
> badly. (I.e., 1024 and less, unlike the description below)
>
> libsecurity
>
> Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to
> v10.7.3, OS X Lion Server v10.7 to v10.7.3
>
> Impact: Support for X.509 certificates with insecure-length RSA keys may
> expose users to spoofing and information disclosure
>
> Description: Certificates signed using RSA keys with insecure key lengths
> were accepted by libsecurity. This issue is addressed by rejecting
> certificates containing RSA keys less than 1024 bits.
>
> CVE-ID
>
> CVE-2012-0655
