Apple recently disabled the Java 7 plugin on Macs through its OS X anti-malware system as a precautionary measure to protect users from a potentially serious security issue. The newly discovered zero-day flaw in Java 7 is so serious that the U.S. Department of Homeland Security has warned users to disable or uninstall it. According to the department’s Computer Emergency Readiness Team:
We are currently unaware of a practical solution to this problem. This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also available.
This isn’t the first time Apple has had issues with Java security either. Apple stopped building its own in-house Java updates last year, handing off the responsibility to Oracle. Since then Java was a part of what was the most serious malware threat to the Mac, dubbed “Flashback.” The Trojan was estimated to have infected 600,000 Macs worldwide last year before Oracle and Apple released Java patches to remove the malware. We’ll have to wait and see if either push a patch to help provide security against the current threat.
Source: MacRumors, ZDNet