[brailleblaster] Apple Blocks Java 7 Plug-in on OS X to Address Widespread Security Threat - Mac Rumors

  • From: Keith Reedy <keithreedy@xxxxxxxxxxxx>
  • To: "brailleblaster@xxxxxxxxxxxxx" <brailleblaster@xxxxxxxxxxxxx>
  • Date: Fri, 11 Jan 2013 14:08:33 -0500

You folks may have already seen this, but, if you have not, please read this.
http://www.macrumors.com/2013/01/11/apple-blocks-java-7-on-os-x-to-address-widespread-security-threat/

Apple Blocks Java 7 Plug-in on OS X to Address Widespread Security Threat

As noted by ZDNet, a major security vulnerability in Java 7 has been 
discovered, with the vulnerability currently being exploited in the wild by 
malicious parties. In response to the threat, the U.S. Department of Homeland 
Security has recommended that users disable the Java 7 browser plug-in entirely 
until a patch is made available by Oracle.

Hackers have discovered a weakness in Java 7 security that could allow the 
installation of malicious software and malware on machines that could increase 
the chance of identity theft, or the unauthorized participation in a botnet 
that could bring down networks or be used to carry out denial-of-service 
attacks against Web sites. 

"We are currently unaware of a practical solution to this problem," said the 
DHS' Computer Emergency Readiness Team (CERT) in a post on its Web site on 
Thursday evening. "This vulnerability is being attacked in the wild, and is 
reported to be incorporated into exploit kits. Exploit code for this 
vulnerability is also publicly available."

Apple has, however, apparently already moved quickly to address the issue, 
disabling the Java 7 plug-in on Macs where it is already installed. Apple has 
achieved this by updating its "Xprotect.plist" blacklist to require a minimum 
of an as-yet unreleased 1.7.0_10-b19 version of Java 7. With the current 
publicly-available version of Java 7 being 1.7.0_10-b18, all systems running 
Java 7 are failing to pass the check initiated through the anti-malware system 
built into OS X. 


Apple's updated plug-in blacklist requiring an unreleased version of Java 7

Apple historically provided its own support for Java on OS X, but in October 
2010 began pushing support for Java back to Oracle, with Steve Jobs noting that 
the previous arrangement resulted in Apple's Java always being a version behind 
that available to other platforms through Oracle. Consequently, Jobs 
acknowledged that having Apple responsible for Java "may not be the best way to 
do it." 

It wasn't until last August that the transition was essentially complete, with 
Oracle officially launching Java 7 for OS X. Java 7 does not ship by default on 
Mac systems, meaning that many users are not affected by this latest issue or 
other recent ones, but those users who have manually installed Java 7 may be 
experiencing issues with their systems. 

There is no word yet on when an updated version of Java addressing the issue 
will be made available by Oracle.
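
The minimum-version gate the article describes, as an added example that is not part of the original post and not Apple's code: it parses Java 7-style version strings and shows why 1.7.0_10-b18 fails a 1.7.0_10-b19 floor. The function names, the host inventory and the fail-closed handling of unparseable versions are assumptions; the article does not describe how the check is implemented.

```python
import re

# Java 7-era version strings look like "1.7.0_10-b18":
# major.minor.micro, optional _update, optional -bBUILD.
_JAVA_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-b(\d+))?$")

# Minimum named in the article; the public build at the time was b18.
MINIMUM = "1.7.0_10-b19"


def parse_java_version(text):
    """Return (major, minor, micro, update, build), or None if unparseable."""
    m = _JAVA_VERSION.match(text.strip())
    if not m:
        return None
    # A missing update or build number compares as 0.
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def plugin_allowed(installed, minimum=MINIMUM):
    """Assumed policy: fail closed, so an unparseable version is blocked."""
    floor = parse_java_version(minimum)
    if floor is None:
        raise ValueError("minimum version is not a valid Java version string")
    have = parse_java_version(installed)
    # Integer tuples compare numerically, so update 9 sorts below update 10
    # (a plain string comparison would get that wrong).
    return have is not None and have >= floor


def audit(inventory, minimum=MINIMUM):
    """Map host -> 'allowed' or 'blocked' for a {host: version} inventory."""
    return {host: "allowed" if plugin_allowed(v, minimum) else "blocked"
            for host, v in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory: host names and non-article versions are made up.
    sample = {
        "mac-01": "1.7.0_10-b18",  # current public build per the article
        "mac-02": "1.7.0_10-b19",  # the as-yet unreleased minimum
        "mac-03": "1.7.0_9",       # older update, no build suffix
        "mac-04": "unknown",       # inventory agent returned no version
    }
    for host, verdict in audit(sample).items():
        print(host, sample[host], verdict)
```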

