Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Mac News > Apple quietly blocks Java 7 in OS X [U]

Apple quietly blocks Java 7 in OS X [U]
Thread Tools
MacNN Staff
Join Date: Jul 2012
Status: Online
Reply With Quote
Jan 11, 2013, 03:21 PM
 
[Update: Mozilla joins in, FBI issues warning, fix coming] Apple has disabled the Java 7 browser plug-in on Macs through an updated OS X blacklist file, notes MacRumors. Recently a major security vulnerability was discovered in Java 7, one already being exploited in malware. In response, Apple has silently pushed an updated Xprotect.plist file to OS X users, setting an as-yet-unreleased v1.7.0_10-b19 as the minimum version of Java required for unrestricted operation.

In the past few years, Apple has tried to distance itself from Java as part of a general move away from third-party browser plug-ins. At one point the software came preinstalled on Macs, and was maintained in a separate Apple fork. In 2010, though, the company began leaving Java support up to Oracle, since the Apple fork was regularly lagging behind, which was leaving Macs exposed to known threats. Java is now entirely optional code that Mac owners have to download on their own, though if users attempted to run a Java applet they would be asked if they wanted to install Java from an Oracle public link. Oracle has yet to say when a new version of Java will reach OS X. That could cause at least temporary problems for Mac owners who depend on apps and websites built around the plugin, though Java-based applications that use Java 7 separately of a web browser will not be affected by the blocking. [U] The Mozilla foundation has also quietly updated the blacklist in its Firefox browser to block the affected Java 7 web plug-in, and security experts are now advising the public to temporarily disable Java in other browsers until Oracle can release a patch for the security issues, which it has said it will do on Tuesday.
( Last edited by NewsPoster; Jan 11, 2013 at 08:08 PM. )
     
Junior Member
Join Date: Sep 2000
Location: Newport News,VA,USA
Status: Offline
Reply With Quote
Jan 11, 2013, 04:05 PM
 
I understand that this is a severe vulnerability but completely and compulsorily blocking the Java plugin is extreme. Many companies have internally developed Java applets to access databases and perform other functions. There are also games and other legitimate Java code out there. I understand that Apple probably would find it almost impossible to whitelist applets based on network source it's Oracle that needs to move!
Beware of geeks bearing Gifs
     
Dedicated MacNNer
Join Date: Jan 2007
Location: SF
Status: Offline
Reply With Quote
Jan 11, 2013, 04:53 PM
 
I could be mistaken, but not all browsers comply with the XProtect thingee.
     
Senior User
Join Date: Apr 2001
Location: Victoria, Australia
Status: Offline
Reply With Quote
Jan 11, 2013, 05:53 PM
 
They blocked the Java 7 *plugin*, not Java 7. That is a big difference. Java applications will still run on the Mac - just not in a browser. If they blocked Java 7, developers who work in Java (for example, web server back ends) would suddenly find they could no longer work on their Macs.
     
MacNN Editor
Join Date: Aug 2001
Location: Maitland, FL
Status: Offline
Reply With Quote
Jan 11, 2013, 11:38 PM
 
Thanks for pointing this out, the article has been revised to make that clearer.
Charles Martin
MacNN Editor
     
Fresh-Faced Recruit
Join Date: Jan 2013
Status: Offline
Reply With Quote
Jan 12, 2013, 11:00 AM
 
Websites that require Java to run always inform the users that the plugin is required to view the content, so I don't see this as a big issue. By blocking it Apple makes sure that everything is safe for its users.
     
Forum Regular
Join Date: Sep 2000
Location: Michigan, USA
Status: Offline
Reply With Quote
Jan 12, 2013, 12:42 PM
 
What's the final word on this? Do I need to take action to protect my Mac?

Will Sophos antivirus software, which I have installed and updated, catch and eradicate this if I do stumble across it?
MBP 17" Core i7 matte screen; iPad 16Gb 3G
     
Fresh-Faced Recruit
Join Date: Aug 2007
Status: Offline
Reply With Quote
Jan 12, 2013, 01:17 PM
 
Java 6 is still working as a plugin in Safari on Lion 10.7.5. I had to go back to Java 6 after installing Java 7 on Tuesday and it freezing.
Java for OS X 2012-006: How to re-enable the Apple-provided Java SE 6 applet plug-in and Web Start functionality
BTW, I hate Java.
     
Dedicated MacNNer
Join Date: Jan 2007
Location: SF
Status: Offline
Reply With Quote
Jan 14, 2013, 06:12 PM
 
Jeff75. You should avoid accessing sites that use client side Java applets.
- How do you know if a site uses Java applets until you go there? You should make sure your Java security settings alert you to that. You get a warning that a site wants to put a client side applet on your machine.
- Will Sophos antivirus catch and eradicate "this" if I do stumble across it? That all depends on what "this" is. Between the time that a vulnerability is discovered and when the AntiVirus folk create a detection mechanism, there is a window of opportunity for your system to become compromised. In the event a known malware product leaves a detectable trace (specific actions, or specific files indicative of a compromise) your AntiVirus may well catch and block those specific actions, and/or eradicate the offending files (presuming your settings specify those AntiVirus remediation steps). The Java plugin vulnerability is typically an attack "vector", meaning, that's how they can get in. The damage is usually done by software the intruder installs after gaining access.
In short, yeah, maybe - or - almost certainly, eventually.

If you want to be as safe as you can, make sure your AV software, Java software, and browser plugins are up to date. Don't reduce security settings for expedience.

My 2 cents.
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 01:37 AM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2