Vulnerabilities found in Java 7 are so dangerous that Apple has pushed out code to block the plug-in at the OS level to protect users. Essentially, it’s risky just to have Java installed and running on your Mac (or any computer, really).
Reported earlier this week and highlighted by ZDNet today, the flaws in Java 7 and malicious code for exploits are so prevalent in the wild that, according to MacRumors Apple has taken steps to block the plugin through blacklisting it:
Apple has, however, apparently already moved quickly to address the issue, disabling the Java 7 plug-in on Macs where it is already installed. Apple has achieved this by updating its “Xprotect.plist” blacklist to require a minimum of an as-yet unreleased 1.7.0_10-b19 version of Java 7. With the current publicly-available version of Java 7 being 1.7.0_10-b18, all systems running Java 7 are failing to pass the check initiated through the anti-malware system built into OS X.
Most experts feel that if you don’t need Java you should uninstall it and if you do need Java (I need it Crashplan), to take steps to make sure that the plugin doesn’t run. TNW reports that Mozilla has pushed out an update to Firefox to block the plugin as well. Nothing from Google on whether Chrome will follow suit.
Myself, I’ve disabled the Java plugin in Chrome, manually, but will be taking extra steps to make absolutely sure that Java isn’t going to run when I don’t want it to (which is only to back up my computer).
We suggest you do the same.
Photo from Flickr by David Joyce.