Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

 
 
Thread Tools Search this Thread Display Modes
Prev Previous Post   Next Post Next
Old Jan 31, 2013, 08:48 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Apple Once Again Blocks Java 7 Web Plug-in




Earlier this month, Apple took the unusual step of remotely blocking Oracle's Java 7 browser plug-in due to a major security vulnerability, using the "Xprotect" anti-malware system built into OS X to enforce a minimum version number that had yet to be released. Within days, Oracle updated Java to address the issue, with the new version number making the Java plug-in usable on OS X systems once more.

As noted by French site MacGeneration [Google translation] and the Apple discussion forums, Apple has once again blocked the Java 7 plug-in using Xprotect.

The updated blacklist enforces a minimum Java plug-in version of 1.7.0_11-b22, while the latest version of the plug-in is 1.7.0_11-b21.

The exact reason for Apple's renewed block on the Java plug-in is unknown although reports immediately following the release of Update 11 earlier this month indicated that it fixed only one of the two bugs that contributed to the security vulnerability. In the wake of that news, cybersecurity officials recommended that most users disable Java even with the up-to-date plug-in installed.
Quote:
Oracle Security Alert CVE-2013-0422 states that Java 7 Update 11 addresses this (CVE-2013-0422) and an equally severe, but distinct vulnerability (CVE-2012-3174). Immunity has indicated that only the reflection vulnerability has been fixed and that the JMX MBean vulnerability remains. Java 7u11 sets the default Java security settings to "High" so that users will be prompted before running unsigned or self-signed Java applets.

Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future.
If this continued issue is indeed the reason for the new block by Apple, it is unclear why the company waited several weeks to update its plug-in blacklist.

Article Link: Apple Once Again Blocks Java 7 Web Plug-in
MacRumors is offline   0 Reply With Quote

 
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Apple Releases New Java 6 Updates With Enhanced Security, Uninstalls Apple-Provided Java Applet Plug-in MacRumors Mac Blog Discussion 49 Oct 22, 2013 09:58 AM
Apple Again Blocks Older Versions of Java Over Vulnerability MacRumors Mac Blog Discussion 27 Sep 2, 2013 02:40 PM
Apple Releases Safari and Java Updates With Plug-In and Security Improvements MacRumors MacRumors.com News Discussion 77 Apr 23, 2013 03:09 PM
Oracle Releases Java 7 Update 13 to Address Security Issues, Reenable Web Plug-in on OS X MacRumors MacRumors.com News Discussion 134 Feb 17, 2013 12:40 PM
Apple Blocks Java 7 Plug-in on OS X to Address Widespread Security Threat MacRumors MacRumors.com News Discussion 247 Jan 19, 2013 02:22 PM

Forum Jump

All times are GMT -5. The time now is 03:44 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC