AfterDawn: Tech news

Apple blocks Java 7 plug-in in Mac OS X after exploit discovered

Written by Andre Yoskowitz @ 12 Jan 2013 6:24 User comments (3)

Apple blocks Java 7 plug-in in Mac OS X after exploit discovered

A huge security exploit was discovered for Java versions 4 through 7 earlier this week, prompting the U.S. Department of Homeland Security to recommend users block the browser plug-in until Oracle can patch it.
Instead of giving users the choice, Apple has gone the safe route, blocking the plug-in from within Mac OS X.

The vulnerability allows remote installation of malware such as keyloggers and software that could turn your PC into a zombie for a botnet.

"We are currently unaware of a practical solution to this problem," said Homeland Security's Computer Emergency Readiness Team (CERT). "This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available."

Apple was able to block the plug-in by updating its "Xprotect.plist" blacklist "to require a minimum of 1.7.0_10-b19 version of Java 7," which is set for release in a few weeks. All other versions fail the anti-malware checks of the OS.

Previous Next  

3 user comments

112.1.2013 19:38

Don't worry. Apple will protect you.

213.1.2013 00:50

I disabled it in my browsers and blocked it in my firewall but java is still useful for other offline tasks...glad MS isn't blocking it.

313.1.2013 22:29

Makes me wish a key software did not require Java to run in it's web access. Let's hope my other content filtering and firewall saves me from my users. I so wish I could have a no java life aside from my many morning cups of coffee.

"Have you tried turning it off and on again?" ~ Roy Trenneman

Comments have been disabled for this article.

News archive