+ Reply
Results 1 to 13 of 13

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: New Zero Day Flaw Causes Apple to Quietly Block Java 7 from OS X

is a discussion within the

Mac News

forums, a part of the

General Apple/Mac

section;
Apple recently disabled the Java 7 plugin on Macs through its OS X anti-malware system as a precautionary measure to protect users from a potentially serious security issue. The newly
...
  1. #1
    MMi Staff Writer Akshay Masand's Avatar
    Join Date
    Sep 2011
    Location
    New York City
    Posts
    3,125
    Thanks
    3
    Thanked 103 Times in 89 Posts

    Default New Zero Day Flaw Causes Apple to Quietly Block Java 7 from OS X


    Apple recently disabled the Java 7 plugin on Macs through its OS X anti-malware system as a precautionary measure to protect users from a potentially serious security issue. The newly discovered zero-day flaw in Java 7 is so serious that the U.S. Department of Homeland Security has warned users to disable or uninstall it. According to the department’s Computer Emergency Readiness Team:

    We are currently unaware of a practical solution to this problem. This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also available.
    Apple on the other hand seems to have taken measures to protect OS X users by quietly disabling the Java 7 plug-in according to MacRumors. The Cupertino California company accomplished this by updating the OS X “Xprotect.plist” file to require users to have installed an unreleased version of Java “1.80_10-b19.”

    This isn’t the first time Apple has had issues with Java security either. Apple stopped building its own in-house Java updates last year, handing off the responsibility to Oracle. Since then Java was a part of what was the most serious malware threat to the Mac, dubbed “Flashback.” The Trojan was estimated to have infected 600,000 Macs worldwide last year before Oracle and Apple released Java patches to remove the malware. We’ll have to wait and see if either push a patch to help provide security against the current threat.

    Source: MacRumors, ZDNet
    Last edited by Akshay Masand; 01-12-2013 at 03:33 AM.

    Twitter: @AkshayMasand

  2. #2
    iPhone? More like MyPhone iH85CH001's Avatar
    Join Date
    Jul 2012
    Location
    United States of America
    Posts
    295
    Thanks
    346
    Thanked 13 Times in 11 Posts

    dubbed "Flasback."
    Did you mean Flashback?



    Also, how do u disable it? Or uninstall? Because i know that i have Definitely installed java.
    Last edited by iH85CH001; 01-12-2013 at 02:16 AM.

  3. #3
    iPhoneaholic spazturtle's Avatar
    Join Date
    Mar 2009
    Posts
    321
    Thanks
    115
    Thanked 27 Times in 16 Posts

    It only block the Java we browserplug-in, not Java itself, misleading headline.

  4. #4
    My iPhone is a Part of Me exNavy's Avatar
    Join Date
    Jun 2007
    Location
    Arizona
    Posts
    996
    Thanks
    56
    Thanked 159 Times in 118 Posts

    Who the heck needs java? Write once, debug everywhere.....

  5. #5
    My iPhone is a Part of Me
    Join Date
    Jan 2009
    Posts
    695
    Thanks
    32
    Thanked 61 Times in 44 Posts

    In other news: Apple's actions "break" millions of computers without warning! I can imagine business which needed Java for their daily applications being particularly upset at this inelegant solution.

  6. #6
    iPhoneaholic spazturtle's Avatar
    Join Date
    Mar 2009
    Posts
    321
    Thanks
    115
    Thanked 27 Times in 16 Posts

    Quote Originally Posted by CZroe View Post
    In other news: Apple's actions "break" millions of computers without warning! I can imagine business which needed Java for their daily applications being particularly upset at this inelegant solution.
    They haven't block Java they blocked the Java web plugin

  7. #7
    My iPhone is a Part of Me
    Join Date
    Dec 2007
    Location
    Oklahoma
    Posts
    619
    Thanks
    25
    Thanked 75 Times in 72 Posts

    Quote Originally Posted by spazturtle View Post
    Quote Originally Posted by CZroe View Post
    In other news: Apple's actions "break" millions of computers without warning! I can imagine business which needed Java for their daily applications being particularly upset at this inelegant solution.
    They haven't block Java they blocked the Java web plugin
    To an extent his point still stands.
    Most websites that use Java interact using the plugin, not the external Java VM. For example, the NOAA NWS looping radar only worked while Java's web plugin is active. This effectively disabled the java applet.

    Applications/Programs that one downloads which use Java run in the VM directly. To me, that is a bigger issue as people can download and run a 'bad' app and that alone could wreck a system.
    Member of the hackint0sh forums.
    HowardForums Member: Haas_Dave

  8. #8
    Livin the iPhone Life bigboyz's Avatar
    Join Date
    Feb 2009
    Location
    North East Coast
    Posts
    1,454
    Thanks
    2
    Thanked 150 Times in 108 Posts

    The Beta version of Java 7 runs fine. I would suggest rolling back to Java 6..at least that is what I did.

  9. #9
    Livin the iPhone Life
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,431
    Thanks
    41
    Thanked 185 Times in 145 Posts

    How do I prevent Apple having the ability to remotely disable or enable anything on MY machine? Turn off the Anti-Malware "feature"?
    Most companies would issue a security notice, not forcibly disable something.

  10. #10
    iPhoneaholic spazturtle's Avatar
    Join Date
    Mar 2009
    Posts
    321
    Thanks
    115
    Thanked 27 Times in 16 Posts

    Quote Originally Posted by feidhlim1986 View Post
    Most companies would issue a security notice, not forcibly disable something.
    No most anti viruses disable things automatically, that is there job.

  11. #11
    Livin the iPhone Life
    Join Date
    Jul 2010
    Posts
    1,086
    Thanks
    46
    Thanked 35 Times in 29 Posts

    Quote Originally Posted by CZroe View Post
    In other news: Apple's actions "break" millions of computers without warning! I can imagine business which needed Java for their daily applications being particularly upset at this inelegant solution.
    As someone else mentioned you don't need java 7... Java 6 is fine..

  12. #12
    sad
    sad is offline
    What's Jailbreak?
    Join Date
    Jan 2010
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Silly we need java
    Quote Originally Posted by exNavy View Post
    Who the heck needs java? Write once, debug everywhere.....
    Actually most of the Danish population need java ;-(

    Really sad, but a security system for Danes requires java ,-( And it's not even a joke. Beforehand we were using a pair of public/secret keys to this; but a couple of years ago, some smart people made this new really secure system (sorry remark heavy use of ironi in my sentence).

  13. #13
    My iPhone is a Part of Me
    Join Date
    Jan 2009
    Posts
    695
    Thanks
    32
    Thanked 61 Times in 44 Posts

    Quote Originally Posted by bigboyz View Post
    The Beta version of Java 7 runs fine. I would suggest rolling back to Java 6..at least that is what I did.
    Uhh, that's not the point. Even the vulnerable one "runs fine."

    Quote Originally Posted by spazturtle View Post
    No most anti viruses disable things automatically, that is there job.
    No. Most disable malicious things automatically and recommend other security-related changes.

    Quote Originally Posted by spazturtle View Post
    They haven't block Java they blocked the Java web plugin
    Which a TON of custom business apps use. Why do you think so many companies stuck with IE6 for so ridiculously long? IE7 broke compatibility with their custom business apps, many of which were web-enabled Java applications on internal networks. Hald the point of using Java is to make it run on various clients (Mac and PC) using a standard browser with JavaVM installed.

    Does the tool automatically disable Java 7 and roll-back to Java 6?

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts