Apple Blocks Java 7 Web Plugin Through OS X Anti-Malware System [Update]
The most recently released Java 7 update has been blocked by Apple through its XProtect anti-malware feature in Mac OS X.
Earlier this month, Apple acted immediately to block a zero-day security flaw discovered by hackers. The flaw was so serious that the US Department of Homeland Security has recommended that all Java 7 users disable or uninstall the Java browser plugin until Oracle updates the software.
Apple reacted by quickly and quietly disabling the plugin through its OS anti-malware system. The Java update came a couple of days later, but (as noted by MacGeneration today via Apple communities) Apple has stepped in again to protect its users by updating its OS X XProtect list, this time to block Java Update 11.
Until Oracle issues an update to patch the security flaw, Mac users are protected by Apple’s own anti-malware system.
You may recall that Apple and Java had parted ways when Apple removed Java from OS X. When it launched in 2010, OS X 10.7 Lion was the first Apple desktop operating system to have dropped Java, as the software’s vulnerabilities were the common target of hackers looking to exploit the Mac OS X platform.
Update: Oracle has released an updated version of Java 7 to address certain security vulnerabilities.
The original Critical Patch Update for Java SE – February 2013 was scheduled to be released on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed with this Critical Patch Update. […]
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 50 new security fixes across Java SE products.
You can download the latest versions of all Java SE packages from here.