In association with heise online

01 February 2013, 17:30

Apple blocks Java in the browser again

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Java alert Apple has updated its XProtect system to block Java in the browser. Although the company has not officially announced the change, all versions of the Java plugin lower than Java 7 Update 11 (, are blocked and this includes the current release of Java 7 for Mac OS X which has the version number

Apple previously blocked Java early in January in response to a dangerous vulnerability in Java which had been used in the wild. In this case though, Apple appears to have pre-empted the appearance of an exploit in the wild. Researcher Adam Gowdiak revealed that he had a proof of concept that allowed an unsigned applet to completely bypass the new security measures Oracle had added in Java SE 7 Update 10 and 11.

Why Apple is reacting pro-actively to the potential threat is unclear. The company may already be expecting an update from Oracle to close the hole found by Gowdiak or it could be anticipating the appearance of a wild and malicious exploit.

Apple's XProtect control
Zoom Apple's XProtect control
Apple's XProtect scheme is a regularly updated listing of versions of applications that should not be allowed to run. The list updating is controlled from a checkbox in the System PreferencesSecurity section, under the Advanced button and marked Automatically update safe downloads list. Unchecking and then rechecking that checkbox will force a download of the latest list.

A future update for Java should, without an update to XProtect, re-enable Java in the browser, though users who do not need Java in the browser should play it safe and keep it disabled.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit