The key was revoked on February 6, but the incident was discovered only one week later
Untrusted digital certificate alerts usually mean trouble. Either someone is trying to steal your information or the legitimate digital key has been revoked for some reason.In the case of security solutions provided by McAfee, it’s the second scenario. On February 6, one of the company’s administrators accidentally revoked the digital key used to validate the applications that run on the OS X platform.
Since February 6, all Mac users who have wanted to install or upgrade their McAfee products haven’t been able to validate them.
According to Ars Technica, the Apple’s certification revocation list shows that the key was cancelled because it was compromised. However, McAfee representatives state that an administrator inadvertently removed it while handling a development hardware upgrade.
Instead of revoking his individual use key, he revoked the code-signing keys for Mac products.
McAfee is working on addressing the issue, which they’ve uncovered only three days ago, but it’s not an easy task. Engineers must not only generate the new key, but they must also resign applications and perform quality-assurance testing on the updated products.