AfterDawn: News

Apple blocks Java 7 plug-in in Mac OS X after exploit discovered

A huge security exploit was discovered for Java versions 4 through 7 earlier this week, prompting the U.S. Department of Homeland Security to recommend users block the browser plug-in until Oracle can patch it.

Instead of giving users the choice, Apple has gone the safe route, blocking the plug-in from within Mac OS X.



The vulnerability allows remote installation of malware such as keyloggers and software that could turn your PC into a zombie for a botnet.

"We are currently unaware of a practical solution to this problem," said Homeland Security's Computer Emergency Readiness Team (CERT). "This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available."

Apple was able to block the plug-in by updating its "Xprotect.plist" blacklist "to require a minimum of 1.7.0_10-b19 version of Java 7," which is set for release in a few weeks. All other versions fail the anti-malware checks of the OS.

Written by: Andre Yoskowitz @ 12 Jan 2013 18:24

• Previous article

• Raspberry Pi hits at least 500,000 sold

• Next article

• Paper retracts story that claimed Apple denied cheaper iPhone coming

• 3 comments

• Azuran

  Don't worry. Apple will protect you.
  

  12.1.2013 19:38 #1

• KillerBug

  I disabled it in my browsers and blocked it in my firewall but java is still useful for other offline tasks...glad MS isn't blocking it.
  

  
  

  13.1.2013 00:50 #2

• bobiroc

  Makes me wish a key software did not require Java to run in it's web access. Let's hope my other content filtering and firewall saves me from my users. I so wish I could have a no java life aside from my many morning cups of coffee.
  

  AMD Phenom II 965 @ 3.67Ghz, 8GB DDR3, ATI Radeon 5770HD, 256GB OCZ Vertex 4, 2TB Additional HDD, Windows 7 Ultimate.
  
  http://www.facebook.com/BlueLightningTechnicalServices

  13.1.2013 22:29 #3