In an earlier article we already discussed about Java 7’s vulnerability towards serious security attacks. It has been estimated that 600,000 MAC users are attacked as a result of this vulnerability. Oracle has not promised any patch release to cover up this vulnerability. Meanwhile, to prevent their users from further attacks, A pple has disabled Java 7 plugins from all the MAC machines. Apple has taken this decision, after the U.S department of homeland security warned that Java 7 is vulnerable to serious security issues and recommended all users to uninstall the software immediately.
With the latest update of OS X anti malware system, MAC users are restricted from running Java 7 in their machines. Apple has achieved this by updating their “Xprotect.plist” file, which says that the minimum version of Java that should be running in the user’s machine is 1.7.0_10-b19. But this version of Java has not yet been released. Hence the currently installed Java 7 will not meet the minimum required version demanded by the Apple’s anti malware system.
It is to be noted that until 2010, Apple was releasing their own updates for Java. But Steve Jobs realized that they are always one version behind the Oracle’s Java releases and joined hands with Oracle to provide Java support for OS X. Java 7 was the first official Oracle’s release with support for OS X. Since this version of Java does not get installed on MAC machines by default, only those users, who have installed the software manually, were exposed to security attacks. But now Apple has made sure that all their users stay safe, by disabling Java plugins.
Hacks that exploit the vulnerability are made public which increases the threat, since anyone could perform the attack. So if you are either a MAC user or a windows user, make sure that you stay away from Java 7, until a reliable security patch has been released. Hopefully soon.....