AAPL Stock: 123.25 ( -0.99 )

Printed from

Apple quietly blocks Java 7 in OS X [U]

updated 03:20 pm EST, Fri January 11, 2013

Blacklist requires unreleased version of Java for plugin to work

[Update: Mozilla joins in, FBI issues warning, fix coming] Apple has disabled the Java 7 browser plug-in on Macs through an updated OS X blacklist file, notes MacRumors. Recently a major security vulnerability was discovered in Java 7, one already being exploited in malware. In response, Apple has silently pushed an updated Xprotect.plist file to OS X users, setting an as-yet-unreleased v1.7.0_10-b19 as the minimum version of Java required for unrestricted operation.

In the past few years, Apple has tried to distance itself from Java as part of a general move away from third-party browser plug-ins. At one point the software came preinstalled on Macs, and was maintained in a separate Apple fork. In 2010, though, the company began leaving Java support up to Oracle, since the Apple fork was regularly lagging behind, which was leaving Macs exposed to known threats. Java is now entirely optional code that Mac owners have to download on their own, though if users attempted to run a Java applet they would be asked if they wanted to install Java from an Oracle public link.

Oracle has yet to say when a new version of Java will reach OS X. That could cause at least temporary problems for Mac owners who depend on apps and websites built around the plugin, though Java-based applications that use Java 7 separately of a web browser will not be affected by the blocking.

[U] The Mozilla foundation has also quietly updated the blacklist in its Firefox browser to block the affected Java 7 web plug-in, and security experts are now advising the public to temporarily disable Java in other browsers until Oracle can release a patch for the security issues, which it has said it will do on Tuesday.

by MacNN Staff





  1. daqman

    Junior Member

    Joined: 09-15-00

    This is going to cause some grief!

    I understand that this is a severe vulnerability but completely and compulsorily blocking the Java plugin is extreme. Many companies have internally developed Java applets to access databases and perform other functions. There are also games and other legitimate Java code out there. I understand that Apple probably would find it almost impossible to whitelist applets based on network source it's Oracle that needs to move!

  1. Flying Meat

    Dedicated MacNNer

    Joined: 01-25-07

    I could be mistaken, but not all browsers comply with the XProtect thingee.

  1. curmi

    Senior User

    Joined: 04-05-01

    Article is not correct

    They blocked the Java 7 *plugin*, not Java 7. That is a big difference. Java applications will still run on the Mac - just not in a browser. If they blocked Java 7, developers who work in Java (for example, web server back ends) would suddenly find they could no longer work on their Macs.

  1. Charles Martin

    MacNN Editor

    Joined: 08-04-01

    Thanks for pointing this out, the article has been revised to make that clearer.

  1. pilker4y

    Fresh-Faced Recruit

    Joined: 01-07-13

    Websites that require Java to run always inform the users that the plugin is required to view the content, so I don't see this as a big issue. By blocking it Apple makes sure that everything is safe for its users.

  1. Jeff75

    Forum Regular

    Joined: 09-15-00

    Java threat - do I really need to take action on my Mac?

    What's the final word on this? Do I need to take action to protect my Mac?

    Will Sophos antivirus software, which I have installed and updated, catch and eradicate this if I do stumble across it?

  1. JackWebb

    Fresh-Faced Recruit

    Joined: 08-31-07

    Java 6 is working

    Java 6 is still working as a plugin in Safari on Lion 10.7.5. I had to go back to Java 6 after installing Java 7 on Tuesday and it freezing.
    Java for OS X 2012-006: How to re-enable the Apple-provided Java SE 6 applet plug-in and Web Start functionality
    BTW, I hate Java.

  1. Flying Meat

    Dedicated MacNNer

    Joined: 01-25-07

    Jeff75. You should avoid accessing sites that use client side Java applets.
    - How do you know if a site uses Java applets until you go there? You should make sure your Java security settings alert you to that. You get a warning that a site wants to put a client side applet on your machine.
    - Will Sophos antivirus catch and eradicate "this" if I do stumble across it? That all depends on what "this" is. Between the time that a vulnerability is discovered and when the AntiVirus folk create a detection mechanism, there is a window of opportunity for your system to become compromised. In the event a known malware product leaves a detectable trace (specific actions, or specific files indicative of a compromise) your AntiVirus may well catch and block those specific actions, and/or eradicate the offending files (presuming your settings specify those AntiVirus remediation steps). The Java plugin vulnerability is typically an attack "vector", meaning, that's how they can get in. The damage is usually done by software the intruder installs after gaining access.
    In short, yeah, maybe - or - almost certainly, eventually.

    If you want to be as safe as you can, make sure your AV software, Java software, and browser plugins are up to date. Don't reduce security settings for expedience.

    My 2 cents.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular


Recent Reviews

Seagate Wireless

It seems like no matter how much internal storage is included today's mobile devices, we, as users, will always find a way to fill th ...

Brother HL-L8250CDN Color Laser Printer

When it comes to selecting a printer, the process is not exactly something most people put a lot of thought into. Printers are often t ...

Moshi iVisor AG and XT for iPad Air 2

Have you ever tried to put in a screen protector that relies on static to cling to the screen? How many bubbles and wrinkles does it h ...


Most Commented