In light of these findings, we are taking action to protect users in an upcoming security update. Apple products will no longer trust the WoSign CA Free SSL Certificate G2 intermediate CA.I applaud Apple's swift action and hope other browser vendors follow up as soon as possible. Mozilla's final decision is pending till Qihoo 360 (WoSign's dominant share holder), StartCom and Mozilla's in person meeting next Tuesday.
To avoid disruption to existing WoSign certificate holders and to allow their transition to trusted roots, Apple products will trust individual existing certificates issued from this intermediate CA and published to public Certificate Transparency log servers by 2016-09-19. They will continue to be trusted until they expire, are revoked, or are untrusted at Apple’s discretion. https://support.apple.com/en-us/HT204132
Saturday, October 1, 2016
Apple announces block of WoSign
In light of Mozilla's findings listed https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview and https://wiki.mozilla.org/CA:WoSign_Issues, Apple has decided to block WoSign from its products.