While Lion and Mountain Lion did not include Java, users may have installed it themselves: When a browser encounters a Java applet, OS X asks for permission to download the Oracle software.

The company is still responsible for patching Java 6 and earlier, but Oracle takes care of OS X users running Java 7. "It will enhance security, and reduce the number of web-accessible Java installations on Macs."

Apple stopped bundling Java with OS X starting with 2011's Lion; this year's Mountain Lion also omitted Java. " might be part of the migration to a Java completely provided by Oracle," said Kandek via instant message today. Wolfgang Kandek, CTO of Qualys, saw Wednesday's plug-in elimination as both a security enhancement and an attempt by Apple to push customers towards Oracle as the distributor of Java. Earlier, Apple had made similar moves on Java, first blocking automatic execution of the Oracle plug-in, then following that with a patch that automatically disabled the plug-in if it had not been run in the past 35 days.

Those applications, such as CrashPlan, are still functional and there are no known vulnerabilities for that configuration. The company reacted with several measures, including blocking older versions of Flash. Those using software that relies on the desktop version of Java, which is separate from the browser plugin, need not take further action at this time. In response, Apple today again updated Xprotect to block the current version of Java, 1.7.0_11-b21, by setting a minimum version number of 1.7.0_11-b22.

For those interested in learning more about the Java exploit, TMO’s John Martellaro has a detailed explanation of the risks and instructions on how users can check to see if they are vulnerable. Unfortunately, MacRumors points out that security researchers found that Oracle only addressed one of the two vulnerabilities, leaving the plug-in a still serious security threat.
As a precaution, Apple set the version number to one that did not yet exist.

A few days after the news broke, Oracle released an update to address the vulnerabilities, and changed the version number so that Xprotect would no longer block it. The company configured the system so that a minimum version number of Java had to be installed in order for it to run automatically. Java had already been the source of several past OS X vulnerabilities, so the Cupertino company proactively disabled the plugin in Safari rather than risk another security crisis.

Apple used OS X’s built-in “Xprotect” anti-malware system that was introduced in 2009 with OS X 10.6 Snow Leopard. The Department of Homeland Security issued an urgent warning to computer users that a serious exploit had been found in the popular Java plugin. Oracle updated Java to address the security issues, but after a short delay, Apple has again remotely blocked Java on OS X, as reported by French site MacGeneration. A major security breach in Oracle’s Java 7 browser plugin earlier this month caused Apple to remotely disable Java for all OS X Safari users.