Blacklisted —

Apple blacklists Java on OS X to prevent latest “critical” exploits

Apple's automated system is allowing for a fast response to malware threats.

Apple has blacklisted the latest version of the Java browser plugin to protect Mac users from the latest Java exploits. As noted by MacRumors, OS X now requires a newer, as-yet-unreleased version of the Java plugin, which is expected to patch a flaw that resulted from an incomplete patch added to Java last year.

Previously, OS X required point software updates in order to update its built-in protections against malware. Now, however, Apple can quickly update a malware definition file called Xprotect.plist, and OS X will check a secure Apple server for these updates on a daily basis. As of Friday, Apple has blacklisted the latest version of the Java plugin in Xprotect.plist, requiring a newer version to run Java applets in a browser.

The latest known security hole in Java is already being "massively exploited in the wild," according to security researchers. The US Computer Emergency Readiness Team (CERT) issued a warning that Java should be disabled in browsers until a patch is released by Oracle.

The Java browser plugin has been exploited in several critical malware attacks in recent months, including the high-profile Flashback malware campaign that targeted Macs in early 2012. As Apple has looked to increase the security of OS X, it has increasingly distanced itself from Java over the last couple of years. Apple deprecated its own version of Java in 2010 and removed the browser plugin from default installs of OS X last October.
