
This article was published on January 11, 2013

Apple takes no prisoners, immediately blocks Java 7 on OS X 10.6 and up to protect Mac users

Story by Emil Protalinski

Emil was a reporter for The Next Web between 2012 and 2014. Over the years, he has covered the tech industry for multiple publications, including Ars Technica, Neowin, TechSpot, ZDNet, and CNET. Stay in touch via Facebook, Twitter, and Google+.

Apple on Thursday quietly disabled Java 7 on Macs that already have the plug-in installed. The news comes soon after we learned Mozilla added all recent versions of Java on Friday to its Firefox add-on blocklist, meaning the former beat the latter to the punch.

The two companies are reacting to yesterday’s news of a new Java vulnerability. The critical security hole, which allows attackers to execute malicious software on a victim’s machine, is currently being exploited in the wild and is also available in common exploit kits.

Apple is going about things a bit differently. It did not announce the change in a blog post, like Mozilla did, but that’s to be expected. More importantly, it completely blocked Java 7, while Mozilla still lets its users run the plug-in if they feel they need to.

The company has disabled Java 7 by updating its antimalware protection system. For reference, the file in question is located on Macs here: “/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/Xprotect.plist”.

As pointed out by MacRumors, the blacklist now requires a minimum of Java 7 version 1.7.0_10-b19. Since the latest publicly available version of Java 7 is 1.7.0_10-b18, all Macs running Java 7 are now marking it as malware. This will stop once Oracle releases a patch.
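The minimum-version check described above can be sketched as follows. This is an added example, not code from the article or from Apple: the plist is a constructed sample, and its key names (`MinimumVersions`, `java7-plugin`) and the helper functions are hypothetical, not the schema of the real file.

```python
import plistlib
import re

# Constructed sample, NOT Apple's real file; key names are illustrative placeholders.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>MinimumVersions</key>
  <dict>
    <key>java7-plugin</key>
    <string>1.7.0_10-b19</string>
  </dict>
</dict>
</plist>
"""

# Java version strings look like major.minor.patch_update-bBUILD.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-b(\d+))?$")

def parse_java_version(text):
    """Turn '1.7.0_10-b18' into (1, 7, 0, 10, 18); a missing update/build counts as 0.
    Numeric fields matter: as plain strings, '1.7.0_9' would sort above '1.7.0_10'."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised Java version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())

def load_minimums(plist_bytes):
    """Return {plugin id: parsed minimum version} from the constructed plist."""
    data = plistlib.loads(plist_bytes)
    return {name: parse_java_version(v) for name, v in data["MinimumVersions"].items()}

def is_blocked(plugin_id, installed_version, minimums):
    """Blocked when the installed version is below the listed minimum.
    Unparseable versions fail closed (blocked); unlisted plug-ins are allowed."""
    minimum = minimums.get(plugin_id)
    if minimum is None:
        return False
    try:
        return parse_java_version(installed_version) < minimum
    except ValueError:
        return True

if __name__ == "__main__":
    minimums = load_minimums(SAMPLE_PLIST)
    # The first two versions are the ones named in the article; the rest are constructed.
    for version in ("1.7.0_10-b18", "1.7.0_10-b19", "1.7.0_9-b05", "1.7.0_11-b21"):
        state = "blocked" if is_blocked("java7-plugin", version, minimums) else "allowed"
        print(version, state)
```

Setting the minimum one build above the newest public release blocks every installed copy, and the block lifts on its own as soon as a build at or above the minimum is installed.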

At first we thought that Apple was following in Mozilla’s footsteps in issuing this malware definitions update, but upon closer inspection it seems the former beat the latter to the punch. The file in question was updated last night, the same day that the Java vulnerability was discovered.

If you’re on OS X 10.6 Snow Leopard or higher, Apple has taken care of things for you. If you are using Windows or Linux, we recommend uninstalling Java if you don’t need it and disabling it if you do.

See also – Oracle’s Java vulnerability left open since October 2012 ‘fix’, now being used to push ransomware and New Java vulnerability is being exploited in the wild, disabling Java is currently your only option

Image credit: Manu Mohan