Can MitM spoof a signed certificate by imitating the Certificate Authority?


I understand that a signed certificate is a server public key signed by the private key of a certificate authority. As a result, a client can allegedly rest assured that the signed public key is for the desired server. Really? How does the client get the public key of the certificate authority? Can't the attacker just sign his own public key and spoof the CA by providing the client with the wrong public key to decrypt the certificate? I'm assuming, of course, that the attacker has control of the network, including DNS.

My guess is that the CA's public key has to be a preshared key, or else you're vulnerable. In my browser I see a list of certificate authorities like VeriSign and DigiCert. If these are preshared (say at Windows/browser install), what happens if that store is ever updated or compromised (say by a virus, an official-looking request to install a new one, or an unscrupulous network admin)? Could you then steal whatever you wanted? The answer goes to the clear, concise explanation that shows how this really works and addresses these vulnerabilities, real or perceived.
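The scenario the question describes, as an added example that is not part of the original post: a toy PKI built with the openssl command line, where a MitM copies the real CA's name exactly and signs his own key for the same hostname. The CA name, hostname and file names (Example Root CA, example.test, real-ca, evil-ca, tampered-store.pem) are made up for this demo. It shows that validation does not depend on anything the attacker can observe on the wire; it depends only on which CA public keys the client already holds in its trust store, which is exactly why tampering with that store is decisive.

```shell
#!/bin/sh
# Added example (not from the original post). Builds a throwaway PKI and checks
# three cases with the same client-side routine a TLS client performs:
# "does this certificate chain to a key already in my trust store?"
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Generate a key pair and a self-signed root certificate for a CA.
make_root() {          # make_root <file-prefix> <CA common name>
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.crt" \
    -subj "/CN=$2" -days 30 >/dev/null 2>&1
}

# Generate a server key pair and have the given CA sign a certificate for it.
issue_leaf() {         # issue_leaf <file-prefix> <hostname> <ca-prefix>
  openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" >/dev/null 2>&1
  openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" -CAcreateserial \
    -out "$1.crt" -days 30 >/dev/null 2>&1
}

# The client's check: verify the presented certificate's signature against the
# roots it was pre-shared (the trust store). Returns 0 on success, else non-zero.
# The attacker controls the network, but this step never touches the network.
client_verifies() {    # client_verifies <trust-store.pem> <leaf.crt>
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 1. The genuine CA, whose certificate is pre-shared with the client.
make_root real-ca "Example Root CA"
issue_leaf server example.test real-ca

# 2. The MitM: same CA *name*, same hostname, but he cannot obtain the real
#    CA's private key, so his root is a different key pair. Signatures from
#    that key do not verify under the real CA's public key.
make_root evil-ca "Example Root CA"
issue_leaf mitm example.test evil-ca

# 3. A tampered trust store: the attacker's root has been installed on the
#    client (malware, a social-engineered "install this certificate", an
#    admin pushing it by policy). Now his signature verifies like any CA's.
cp evil-ca.crt tampered-store.pem

# Print the three outcomes; the same calls are asserted in the test.
report() {             # report <trust-store.pem> <leaf.crt>
  if client_verifies "$1" "$2"; then
    echo "store=$1 cert=$2 -> ACCEPTED"
  else
    echo "store=$1 cert=$2 -> REJECTED"
  fi
}
report real-ca.crt server.crt           # ACCEPTED: signed by a trusted key
report real-ca.crt mitm.crt             # REJECTED: imitating the name is useless
report tampered-store.pem mitm.crt      # ACCEPTED: the store is the whole game
```

The second case is the answer to "can't the attacker just sign his own public key": he can, and the client rejects it, because the check is a signature verification against a public key the client already had before the connection started, not something fetched from the (attacker-controlled) network. The third case is the answer to the trust-store question: anything that can add a root to that store can mint certificates the client will accept for any hostname, so the store deserves the same protection as the operating system itself.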