Encore: Apple Blocks Java

Friday, February 1, 2013 @ 03:02 PM gHale


Apple is blocking Java again as the computer giant updated its XProtect system to block the plugin in the browser.

Although Apple has not officially revealed the change, all versions of the Java plugin lower than Java 7 Update 11 (1.7.11.22), end up blocked and this includes the current release of Java 7 for Mac OS X which has the version number 1.7.11.21.

RELATED STORIES
Apple Updates iOS
Java Fixed, but New Flaws Exist
Oracle has Busy Critical Patch Day
Oracle Fixes Java; Fed Warning Remains

Apple previously blocked Java early in January in response to a dangerous vulnerability in Java. In this case though, Apple appears to have pre-empted the appearance of an exploit in the wild.

Researcher Adam Gowdiak said he had a proof of concept that allowed an unsigned applet to completely bypass the new security measures Oracle had added in Java SE 7 Update 10 and 11.

Why Apple is reacting pro-actively to the potential threat is unclear.

Apple’s XProtect scheme is a regularly updated listing of versions of applications that should not end up allowed to run.

Users are able to control list updating from a checkbox in the System Preferences ➤ Security section, under the Advanced button and marked Automatically update safe downloads list. Unchecking and then rechecking that checkbox will force a download of the latest list.

A future update for Java should, without an update to XProtect, re-enable Java in the browser, though users who do not need Java in the browser should play it safe and keep it disabled.



Leave a Reply

You must be logged in to post a comment.