Apple Addresses Security Threat by Blocking Java 7 Plugin on OS X


A weakness has been discovered in Java 7 security, leaving hundreds of millions of business and consumer users vulnerable to a serious flaw. The threat is serious enough that the US Department of Homeland Security has warned users to disable or uninstall Java software on their computers, ZDNet reports. It turns out the issue affects not only the Java 7 browser plug-in, but all versions of the Java plug-in for web browsers.

As reported by MacRumors, Apple moved quickly to protect its customers and disabled the Java 7 plug-in on Macs where it is already installed. It did so by updating its “Xprotect.plist” blacklist to require a minimum of the as-yet unreleased version 1.7.0_10-b19 of Java 7; the current version of Java 7 is 1.7.0_10-b18, so it no longer meets the requirement.

As a result, the anti-malware system built into OS X will step in and block the Java 7 plug-in on systems where it is installed.

Apple pushed its Java support back to Oracle in October 2010. Steve Jobs wasn’t satisfied with their arrangement with Java, because it resulted in Apple’s Java being a version behind that available through Oracle.

Since the transition closed back in August, Oracle has officially launched Java for OS X, but it isn’t installed by default on OS X. Therefore, only users who manually installed Java are affected by the latest issue or were affected by earlier ones.


  • So should we be uninstalling Java or are we good because Apple has it covered?

  • einsteinbqat

    As this is not specified in the article post, and I think that it is very important to mention, this updated Apple blacklist only applies to the Web plugin, and not Java on the Mac. This article is rather misleading.

    Apple blocked the execution of Java in the browser only.

    Also, versions of Java from 4 to 7 are all affected.

  • Cordova Bay

    Looks like Apple have the basic problem covered. It would depend on how people use the full JAVA but generally speaking that shouldn’t be a problem. These people should know they need to be careful. The guy-on-the-street with a browser plug-in probably doesn’t have enough information to understand.

    However, it should be noted that Apple has OSX 10.8 and 10.7 pretty much covered. Older OS releases are probably not protected. I have 10.6 and 10.5 systems that still support the JAVA plug-in while all of my 10.7 and 10.8s are disabled.