Apple Blocks Java Plug-in on OS X to Address Major Security Threat

Oracle_Java

The U.S. Department of Homeland Security issued a warning of a major Java security flaw and encourages users to disable or uninstall Java on their computers until a workaround is released.

The U.S. Department of Homeland Security has warned users to disable or uninstall Java software on their computers, amid continuing fears and an escalation in warnings from security experts that hundreds of millions of business and consumer users are vulnerable to a serious flaw.

Hackers have discovered a weakness in Java 7 security that could allow the installation of malicious software and malware on machines that could increase the chance of identity theft, or the unauthorized participation in a botnet that could bring down networks or be used to carry out denial-of-service attacks against Web sites.

“We are currently unaware of a practical solution to this problem,” said the DHS’ Computer Emergency Readiness Team (CERT) in a post on its Web site on Thursday evening. ” […] Java users should disable or uninstall Java immediately to mitigate any damage.

Apple has addressed the issue quickly by disabling the Java plug-in on Macs. The company has achieved this by updating its “Xprotect.plist” backlist to require a minimum of a 1.7.0_10-b19 version of Java 7, which hasn’t been released yet.

Java, which is installed on hundreds of millions of computers around the world, is a computer language that enables programmers to write software using just one set of code that will run on virtually any type of computer.

Java does not come pre-installed on Mac systems, which means many users are not affected by this issue or any of the other recent ones. But for Mac users who have manually installed the software, luckily Apple was quick to disable it.

There is no word yet on when an updated version of Java that addresses the issue will be made available by Oracle.