New Java 7 exploit affects OS X, Windows, Linux users

updated 06:36 pm EDT, Mon August 27, 2012

Lion, Mountain Lion safeguards provide modest defense

A new security exploit in Java 7 is affecting Mac, Windows, and Linux users alike, according to an engineering manager for Metasploit, an open-source penetration testing framework. The vulnerability is described as "super dangerous," since an attack can be triggered simply by visiting a hacked or intentionally malicious website. OS X Lion and Mountain Lion do provide a modest level of protection, since Java isn't installed by default on the operating systems, which also ask users if they want to run the software.

More directly under threat are Leopard and Snow Leopard users, who do have Java preinstalled. With those two platforms Apple also chose to spin off its own Java releases, slowing down the potential response time for new threats. Apple will likely issue patches in the near future.

Java has been the main attack vector against Macs in recent months. Most famously OS X was targeted by the Flashback series of trojans, which were ultimately subdued but at one point had infected over 100,000 systems. Apple faced criticism for being slow to respond, since a vulnerability exploited by the trojans had already been fixed by Oracle months prior.

by MacNN Staff



  1. hayesk

    Professional Poster

    Joined: 09-17-99

    This is why I turn Java off in Safari. For those who go to sites requiring Java, perhaps consider using a different browser for just that site, and enable Java there.

  1. The Vicar

    Junior Member

    Joined: 07-01-09

    Don't turn Java off in Safari; just don't install it at all!

  1. dynsight

    Fresh-Faced Recruit

    Joined: 05-07-05


    JavaScript is a client-side scripting language which you can turn off in any browser... but you really shouldn't turn it off since so many sites depend upon it for functionality. There is not much JavaScript can do to harm your computer, at least of late (however, JavaScript within PDFs has been known to do some file copying...)

    JAVA is an object-oriented programming language and platform that runs on multiple OSes. You used to run Java applets in websites, but they are rarely used anymore. In order to run Java, you have to install the entire library and framework from Sun/Oracle.

    Other than having similar names, they are two different things.

  1. prl99

    Mac Enthusiast

    Joined: 03-24-09

    Java actually is used by many enterprise-level applications so turning it off isn't an option. At least two of my main work applications use it so I'm stuck. Java was created to be platform agnostic, making it the perfect method for infecting every OS. Now we get to see how quickly Oracle fixes it and Apple adds it to software update.

  1. The Vicar

    Junior Member

    Joined: 07-01-09

    Yes, but you obviously don't know much about Java if you don't realize that websites can embed Java applets, and web browsers have the option to not run these applets. That's what Hayesk was talking about. It's in Safari's preferences window under the "Security" section, alongside the JavaScript on-off option.

    But it's much, much better just to upgrade to 10.7 and then not install Java at all. Java is turning into a massive security hole these days.

  1. jreades

    Junior Member

    Joined: 02-02-99

    That's a nice idea, but doesn't work so well when you need, say, Processing, MATLAB, or many scientific or enterprise-level apps. The particular weakness being exposed here also emphasises the value of Java when things go well: write once, run anywhere.
