“The recently released Java 7 Update 11 has been blocked by Apple through its XProtect anti-malware feature in OS X,” Sam Oliver reports for AppleInsider.
“Oracle issued the latest update to Java earlier this month to fix a serious zero-day security flaw,” Oliver reports. “The threat was so serious that the U.S. Department of Homeland Security had recommended that all Java 7 users disable or uninstall the software until a patch was issued.”
Oliver reports, “Apple took action on its own and quietly disabled the plugin through its OS X anti-malware system. And as noted by MacGeneration on Thursday, Apple has again updated its OS X XProtect list, this time to block Java 7 Update 11.”
Read more in the full article here.
Related articles:
Why fixing the Java flaw will take so long – January 16, 2013
How to kill Java dead, dead, dead; this outdated tech must be exterminated – January 15, 2013
Java 7 update 11 security patch fixes nothing; users advised to disable Java – January 14, 2013
Oracle releases Java Version 7 Update 11 – January 14, 2013
Oracle Corp to fix Java security flaw ‘shortly’ – January 12, 2013
Apple blocks OS X Java 7 plug-in as U.S. Department of Homeland Security warns of zero day threat – January 11, 2013
Apple makes OS X even more secure for Mac users by removing Java – October 19, 2012
Apple uninstalls Java applet plug-in from all web browsers – October 17, 2012
New zero-day Java exploit puts 1 billion PCs and Macs running OS X 10.6 or earlier at risk – September 26, 2012
Warning: New Java trojan targets Apple’s OS X along with Windows, Linux – July 11, 2012
Apple releases Java Update to remove Flashback trojan – April 12, 2012
OS X trojan variant preys on Mac users with unpatched Java – February 27, 2012
Jobs: Having Oracle, not Apple, release timely Java updates better for Mac users – October 22, 2010
Apple deprecates its release of Java for Mac OS X – October 21, 2010
Is this why two sites that I regularly frequent that use Java plug-ins suddenly don’t work this morning? I used one of them yesterday with no problem whatsoever, and have changed nothing on my computer since then.
Even though I’m still on Snow Leopard and using Java 6?
Without Java installed it is impossible to file state or federal taxes, pay credit cards, utility bills, real estate taxes etc. if I disable Java, I might as well close my business.
Try a different browser then? This is a safari feature.
Are you confusing Java with Javascript? They are two completely different things.
So everybody who files tax forms should have a degree in programming?
I manage a network of about 160 macs in a small school district (sort of a side job) and I’m getting tired of these Java issues eating up my time.
If I’m not pushing out Java updates to 130 or so MacBooks and MacBook Pros (which is often like trying to herd flies) then I’m having to explain to users why their plug-ins aren’t working as if it’s my fault.
Either Java needs some serious work or it needs to be eliminated. Unfortunately, a few major programs (like lazily updated Creative Suite) won’t even launch without it.
Java gives me an inkling of what it would be like to manage a Windows network . . . and I’m not fond of it.
There is a thread on this at the Macrumors forum, including some info on how to re-enable Java
http://forums.macrumors.com/showthread.php?t=1535045&page=2
I’d prefer MacRumors, and everyone else, instead instruct everyone to complain to all websites using and requiring Java. Considering Oracle’s careless and idiotic disregard for Java’a severe and consistent security problems, killing Internet Java ASAP is the best solution. Otherwise, the Java hell will be never ending.
Sure, that’s a great idea, but until that happens, there is an alternative.
And I have no doubt most of us here would use the workarounds responsibly. But, as I posted at MacRumors (as ‘derek’) I know there are LUSERS out there who will abuse the workarounds, and I would rather see a push now to kill off Java ASAP. I have zero faith in Oracle solving their Java hell.
I’m glad Apple continues to be proactive regarding Oracle’s ongoing ruination of Java.
But we knew there were published exploits for Java 7u11 on January 13th. Apple’s still a bit slow:
http://krebsonsecurity.com/2013/01/new-java-exploit-fetches-5000-per-buyer/
We also know that Oracle’s lame-ass attempts at so-called ‘security’ settings for Java are worthless, easily by-passed.
Just Turn Java Off (Thank you Apple!)
OR
Permanently Uninstall the POS
I thinner tjat JAVA have gotten very bad press for this. Much more than warranted. It’s serious though and Sun and now Oracle have always been very slow to fix anything. Critical holes could go I patched for months because Sun and Oracle was waiting for their patch cycle. How ever. Flash from Adobe is installed on even more systems than Java, used on more sites than Java and we know Asquith is very bad in Flash. They do patch faster these days but every patch for flash contained like 15-20 security fixes. It’s a gigantic flaw the whole software and its prone to zero days. I think that Flash is a much greater threat than Java and the reason for Homeland Security to get involved I think is because allot of Government computers and corporations use Java not that this flaw was most serious than a zero day in Windows or Flash. At leas that’s what I think.