Apple disables Java 7 OS X plug-in after security threat found
from TheAppleBlog by Erica Ogg
After the U.S. Department of Homeland Security warned of a vulnerability in Java 7 that could allow malicious software to be installed on users’ machines, Apple moved swiftly to shield OS X users who have downloaded Java 7. On Friday the company disabled the OS X plug-in for the latest version running on some Apple-made machines.
MacRumors reports on how Apple did it:
Apple has achieved this by updating its “Xprotect.plist” blacklist to require a minimum of an as-yet unreleased 1.7.0_10-b19 version of Java 7. With the current publicly-available version of Java 7 being 1.7.0_10-b18, all systems running Java 7 are failing to pass the check initiated through the anti-malware system built into OS X.
Apple stopped developing Java for OS X in late 2010 and no longer includes it as pre-installed software on new Macs. Users who want the plug-in can still download the software separately; only those who have Java 7 are affected by the security threat.