Java applet Stories October 15, 2013

Apple releases new Java update, uninstalls Apple-provided Java applet plug-ins

Apple has released Java for OS X 2013-005, which “delivers improved security, reliability, and compatibility for Java SE 6”. The update is available in the Mac App Store.

Of note, the update “uninstalls the Apple-provided Java applet plug-in from all web browsers.” New Macs do not come with Java installed, and newer versions of Java are released and maintained by Oracle.

Apple’s decision to cut off internal support and development stems from the decreased necessity for the platform and the fact that Mac malware usually comes from Java security holes. On Apple’s security page for the latest update, it is noted that some holes existed in the software:

Multiple vulnerabilities existed in Java 1.6.0_51, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_65. Further information is available via the Java website at http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html

Java applet Stories October 17, 2012

Further pushing toward the idea of a plugin-free internet, Apple has issued an update to Java for OS X that removes the Java applet plugin. Attempting to use a Java applet through any OS X web browser will now prompt users to download the latest version directly from Java maker Oracle.

This is not the first time Apple has stopped shipping a specific browser plugin with their computers. With OS X Lion, users discovered that their Macs no longer came with Adobe’s oft-derided Flash Player plugin due to its instability and security issues. Apple has long held browser plugins in contempt, especially following the success of iOS, which hasn’t supported browser plugins at all in the past six years.

Just about every Mac Trojan/vulnerability over recent months and years has been related to outdated Java code. This move should close off those attack vectors.
