Oracle updated Java on Tuesday 16 October 2012 and Apple followed suit a day later. Apple’s Java for Mac OS X 10.6 Update 11 is the latest in its efforts directed at keeping Java off Macs.
It reminds us of Apple’s desire to keep Flash off the iPad and iPhone (and since Lion, the Mac) and, as with Flash, Apple’s reasoning appears to be that Java is too much of a security risk.
A number of Mac Trojans and vulnerabilities over the past year have been related to Java code.
These latest Java updates fix 30 security holes in total and all but one allow remote code execution.
advice is “get rid of Java altogether” or “ban it from your browser”.
“Keeping Java out of your browser removes the risk of hostile applets – special stripped-down Java programs embedded into web pages” is the advice in Sophos’s Naked Security blog.
Sophos notes the actions that Apple has been taking:
First, with OS X Lion, it stopped shipping OS X with Java pre-installed.
Then Apple issued an update that would tell your browser to turn off Java if you hadn’t used it for a while.
With its latest security update, Apple has been even more aggressive – ripping out the browser plugin component entirely.
As Apple’s notes on its website explain: “This update uninstalls the Apple-provided Java applet plug-in for all web browsers.” Apple suggests that if you find an applet on a webpage you should “click on the region labeled ‘Missing plug-in’ and download the latest version from Oracle.”
Some reports have questioned the fact that Apple has removed the Java Preferences utility that lets users configure how the Java runtime is managed. Cnet notes that Java Preferences was removed from Mountain Lion but until now had still featured in Lion.
If you decide you can’t live without Java, you have to install Oracle’s Java runtime in parallel with Apple’s Java.
In April more than 600,000 Macs were reported to have been infected with a Flashback Trojan horse that was being installed on people’s computers with the help of Java exploits. Then in August Macs were again at risk due to a flaw in Java. This time around, there was good news for Mac users: thanks to changes Apple has made, most of us were safe from the threat.