“The Apple critics are dancing their dance once again today following news of a Java-based malware attack on Macs,” Jonny Evans writes for Computerworld. “But, given Java is the bad boy in the room, shouldn’t critics and Kool-Aid drinkers alike just do the right thing and switch Java off for good?”
“We know there is a Java problem — most security experts agree with Sophos’ security expert, Paul Ducklin, who has consistently told computer users on any platform to ‘switch Java off,'” Evans writes. “This is certainly not the first Java-based expoit to affect Mac users — remember the Flashback attack?”
Evans writes, “Putting this into a wider context, as devices become connected (the Internet of Things) and mobile devices proliferate, it’s becoming ever more clear that Java may represent a major threat to the whole edifice of a connected intelligent Web.”
Read more in the full article here.
Related articles:
Oracle releases Java 7 Update 15 – February 20, 2013
Hackers’ attacks on Apple, Facebook, 40 other companies said to come from eastern Europe – February 20, 2013
Apple releases Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 13 – February 19, 2013
Some Apple Inc. employees hit by same hackers who targeted Facebook last week – February 19, 2013
Bad Java: Apple blocks Oracle’s latest Java version via OS X anti-malware system – January 31, 2013
Why fixing the Java flaw will take so long – January 16, 2013
How to kill Java dead, dead, dead; this outdated tech must be exterminated – January 15, 2013
Java 7 update 11 security patch fixes nothing; users advised to disable Java – January 14, 2013
Oracle releases Java Version 7 Update 11 – January 14, 2013
Oracle Corp to fix Java security flaw ‘shortly’ – January 12, 2013
Apple blocks OS X Java 7 plug-in as U.S. Department of Homeland Security warns of zero day threat – January 11, 2013
Apple makes OS X even more secure for Mac users by removing Java – October 19, 2012
Apple uninstalls Java applet plug-in from all web browsers – October 17, 2012
New zero-day Java exploit puts 1 billion PCs and Macs running OS X 10.6 or earlier at risk – September 26, 2012
Warning: New Java trojan targets Apple’s OS X along with Windows, Linux – July 11, 2012
Apple releases Java Update to remove Flashback trojan – April 12, 2012
OS X trojan variant preys on Mac users with unpatched Java – February 27, 2012
Jobs: Having Oracle, not Apple, release timely Java updates better for Mac users – October 22, 2010
Apple deprecates its release of Java for Mac OS X – October 21, 2010
I have it off in Safari and as far as I know I’ve never missed it. What amazing effects/utility am I missing? Anyone?
Nothing, really. Viruses, if you consider those “features”. Lol
as with most users, you won’t miss a thing. i think you’ll know if you need Java for something (for example, the web meeting app my company uses requires it).
My wife has been cursing Apple for switching Java off, she can no longer access the online games at POGO.com. I tell her it is a good thing and Apple is protecting us, but she blames Apple. I think there are many people in the world like her. It is a third party’s fault, but everyone gets mad at Apple.
Hang in there. It’s a temporary thing. Once she gets her driver’s license she will move on.
Yah, same as Flash on iOS. But look at the world now… what is Flash again? haha
It’s disabled in my browsers, but I still need it installed on the system itself for certain cross-platform editors.
One of the better offline editors for OpenStreetMaps for example. Their less capable web-based editor is Flash. Pick your poison…
Another is either the world or overlay editor for X-Plane. Worse, that one *requires* Java 6, it won’t run with Java 7.
Must-haves? Of course not. But still indispensable for certain niches? Definitely.
Well, one thing that does get broken is the output from Apple’s “iWeb” application in iLife. I’ve included my iWeb-based website on my link if you want to see how disabling Java breaks it.
-hh
I tried turning off Java on my iPhone and Macs.. Many, many websites, particularly tech forums and new sites, use Java.
I keep having to turn it back on.. I’m hoping developers find a way around Java.
Hmm. can’t say I’ve missed it, but maybe I’m lucky in terms of the sites I frequent. As I understand it, you should disable Java in Safari (although I think Apple’s update has done this already), but it’s OK to leave JavaScipt enabled. Would I miss anything if I disabled JavaScript?
I think my question has been answered below. I’ll continue to leave JavaScript on.
The iPhone doesn’t have Java. Are you turning off javascript? Although they share “java” in their name, java and javascript are not related and are two totally different languages.
disable JAVA and JAVASCRIPT… miss nothing
JavaScript is completely unrelated to Java. Turn off JavaScript and you will disable most of the functionality on most of the websites you visit.
Java is a tool that developers use to make their websites fancier and easier to use; just like Flash was. If everyone shuts it off, another new tool will simply be used to accomplish the same thing. Once that tool is being used significantly, malicious hackers will track down vulnerabilities within that tool. Basically, hackers find vulnerabilities that will return the greatest reward for their efforts.
The only solutions are to utilize nothing “fancy” beyond straight HTML (which isn’t likely to happen) or for developers to create less vulnerabilities (even less likely given that they try to crank out the maximum product in the shortest time with the minimum of testing). That last part is not entirely their fault: consumers expect to everything now!
My favorite bittorrent client is Vuze, which runs on Java. Maybe I should move to Transmission…
I’m installing the Java updates as they are released but still have Java turned off. Unless a website I trust needs it on, I leave it off.
No problems to hark and rant about.
This is going to be like flash, eventually, maybe, just maybe, developers will stop using Java, but it will take time, a long time, and money, a lot of money, to redesign websites, so just ‘turning it off’ does not really present a practical solution at this time. OK, if you do not access any websites that use Java fine, but I think that is a minority right now.
@trondude:
You must be thinking of Javascript, which is completely unrelated to Java. Most websites DO use Javascript, but most do NOT use Java. The security issues being discussed here are about Java, not Javascript.
The Apple download page for this Java update indicates it is compatible with 10.6 but when you try to install it you get an error message saying that 10.7 is required. How Microsoftian! The dumbing down of Apple continues…
Very simple. Java 6 is compatible with 10.6, Java 7 is compatible with 10.7 and higher. There are updates available to patch both of them.
What we need is a clicktojava utility, just as we have clicktoflash for Flash web content.
I was going to suggest ClickToPlugin – that can disable/enable plugins on a case-by-case basis. Apparently, however, it is unable to block Java because WebKit treats Java as a special plugin:
http://hoyois.github.com/safariextensions/clicktoplugin/
“ClickToPlugin does not block elements. These elements are used to embed Java applets into web pages and launch a Java plug-in. The reason is that they cannot be blocked.”
Oh well.