toggle

AAPL Stock: 112.65 ( + 3.24 )

Printed from http://www.macnn.com

Apple quietly blocks Java 7 in OS X [U]

updated 03:20 pm EST, Fri January 11, 2013

Blacklist requires unreleased version of Java for plugin to work

[Update: Mozilla joins in, FBI issues warning, fix coming] Apple has disabled the Java 7 browser plug-in on Macs through an updated OS X blacklist file, notes MacRumors. Recently a major security vulnerability was discovered in Java 7, one already being exploited in malware. In response, Apple has silently pushed an updated Xprotect.plist file to OS X users, setting an as-yet-unreleased v1.7.0_10-b19 as the minimum version of Java required for unrestricted operation.

In the past few years, Apple has tried to distance itself from Java as part of a general move away from third-party browser plug-ins. At one point the software came preinstalled on Macs, and was maintained in a separate Apple fork. In 2010, though, the company began leaving Java support up to Oracle, since the Apple fork was regularly lagging behind, which was leaving Macs exposed to known threats. Java is now entirely optional code that Mac owners have to download on their own, though if users attempted to run a Java applet they would be asked if they wanted to install Java from an Oracle public link.

Oracle has yet to say when a new version of Java will reach OS X. That could cause at least temporary problems for Mac owners who depend on apps and websites built around the plugin, though Java-based applications that use Java 7 separately of a web browser will not be affected by the blocking.

[U] The Mozilla foundation has also quietly updated the blacklist in its Firefox browser to block the affected Java 7 web plug-in, and security experts are now advising the public to temporarily disable Java in other browsers until Oracle can release a patch for the security issues, which it has said it will do on Tuesday.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. daqman

    Junior Member

    Joined: 09-15-00

    This is going to cause some grief!

    I understand that this is a severe vulnerability but completely and compulsorily blocking the Java plugin is extreme. Many companies have internally developed Java applets to access databases and perform other functions. There are also games and other legitimate Java code out there. I understand that Apple probably would find it almost impossible to whitelist applets based on network source it's Oracle that needs to move!

  1. Flying Meat

    Dedicated MacNNer

    Joined: 01-25-07

    I could be mistaken, but not all browsers comply with the XProtect thingee.

  1. curmi

    Senior User

    Joined: 04-05-01

    Article is not correct

    They blocked the Java 7 *plugin*, not Java 7. That is a big difference. Java applications will still run on the Mac - just not in a browser. If they blocked Java 7, developers who work in Java (for example, web server back ends) would suddenly find they could no longer work on their Macs.

  1. Charles Martin

    MacNN Editor

    Joined: 08-04-01

    Thanks for pointing this out, the article has been revised to make that clearer.

  1. pilker4y

    Fresh-Faced Recruit

    Joined: 01-07-13

    Websites that require Java to run always inform the users that the plugin is required to view the content, so I don't see this as a big issue. By blocking it Apple makes sure that everything is safe for its users.

  1. Jeff75

    Forum Regular

    Joined: 09-15-00

    Java threat - do I really need to take action on my Mac?

    What's the final word on this? Do I need to take action to protect my Mac?

    Will Sophos antivirus software, which I have installed and updated, catch and eradicate this if I do stumble across it?

  1. JackWebb

    Fresh-Faced Recruit

    Joined: 08-31-07

    Java 6 is working

    Java 6 is still working as a plugin in Safari on Lion 10.7.5. I had to go back to Java 6 after installing Java 7 on Tuesday and it freezing.
    Java for OS X 2012-006: How to re-enable the Apple-provided Java SE 6 applet plug-in and Web Start functionality
    BTW, I hate Java.

  1. Flying Meat

    Dedicated MacNNer

    Joined: 01-25-07

    Jeff75. You should avoid accessing sites that use client side Java applets.
    - How do you know if a site uses Java applets until you go there? You should make sure your Java security settings alert you to that. You get a warning that a site wants to put a client side applet on your machine.
    - Will Sophos antivirus catch and eradicate "this" if I do stumble across it? That all depends on what "this" is. Between the time that a vulnerability is discovered and when the AntiVirus folk create a detection mechanism, there is a window of opportunity for your system to become compromised. In the event a known malware product leaves a detectable trace (specific actions, or specific files indicative of a compromise) your AntiVirus may well catch and block those specific actions, and/or eradicate the offending files (presuming your settings specify those AntiVirus remediation steps). The Java plugin vulnerability is typically an attack "vector", meaning, that's how they can get in. The damage is usually done by software the intruder installs after gaining access.
    In short, yeah, maybe - or - almost certainly, eventually.

    If you want to be as safe as you can, make sure your AV software, Java software, and browser plugins are up to date. Don't reduce security settings for expedience.

    My 2 cents.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lackin ...

toggle

Most Commented