Friday, January 11, 2013, 12:12 pm PT (03:12 pm ET)
Zero-day flaw prompts Apple to block Java 7 from OS XApple has disabled the Java 7 plugin on Macs through its OS X anti-malware system, in order to protect users from a potentially serious security issue.
Apple's updated security measures block Java 7 in OS X. Screenshot via MacRumors.
The newly discovered zero-day flaw in Java 7 is so serious that the U.S. Department of Homeland Security has warned users to disable or uninstall it.
"We are currently unaware of a practical solution to this problem," the departments' Computer Emergency Readiness Team said. "This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also available."
But Apple has already taken measures to protect OS X users by quietly disabling the Java 7 plug-in, according to MacRumors. This was accomplished by updating the OS X "Xprotect.plist" file to require users to have installed an unreleased version of Java, "1.7.0_10-b19."
Last year, Apple stopped building its own in-house Java updates, handing responsibility over to Oracle. The company also dropped Java from the default installation of OS X 10.7 Lion in 2010.
Java was a part of what was the most serious malware threat to the Mac, dubbed "Flashback." That trojan was estimated to have infected 600,000 Macs worldwide last year, before Oracle and Apple released Java patches to remove the malware.
On Topic: Mac OS X
- Apple releases OS X 10.9.5 Mavericks with reliability enhancements, includes Safari 7.0.6
- Apple releases new OS X Yosemite betas for developers, public beta participants
- Apple Watch, AirDrop, iBeacon & Continuity coax advanced features from Bluetooth & WiFi
- VMWare releases Fusion 7 with support for OS X Yosemite and Retina optimization
- Apple issues first iCloud for Windows beta with iCloud Drive support