•Apple blocks Java on Macs over security flaws
Apple's decision to block Mac computers from running programs that use Oracle's Java programming language has had some unintended consequences.
Although the block was designed as a security measure to stop Java running on browsers, thus shielding users from potential hackers who can take over their computers using vulnerabilities found on the software, it was also blocking non-browser applications on Friday.
Ivan Glaser, regional chief information officer Asia Pacific, for communications group Havas Worldwide, said some 18 advertising agencies in the region woke up Friday morning to find themselves cut off from their backbone application.
Glaser said he was "astounded" that Apple would effect such block without notice.
"I don't know how many people run mission-critical Java applications, but it's a sign of Apple's omnipresence. Imagine if Microsoft pulled the switch on Exchange … It's OK if Apple blocked the browser, but these applications don't use a web browser."
He said non-Mac users could not communicate with Mac users via the applications.
"It's just irritating. When things stop working, users immediately blame IT, so we are at pains to notify staff of the reason. It's an Apple thing," Glaser said.
The U.S. Computer Emergency Readiness Team referenced, on January 10, the Software Engineering Institute Vulnerability Note VU#625617 which says: "Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system."
There is no known workaround to the latest version of Java, and the agency noted that "This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available."
Apple has already responded by disabling the Java plug-in on Macs that have it installed. OS X now has a mechanism, the "Xprotect.plist," that can be remotely updated by Apple.
The exploit was discovered by a French researcher, "Kafeine" who first described the problem.
Because the Java plug-in is disabled by Apple for browsers, applets will be prevented from executing within a browser.
Post Date: Feb 1, 2013
Download ID: DL1573
File Size: 72.7 MB
Mac OS X v10.6.8 Snow Leopard
About Java for Mac OS X 10.6 Update 12
Java for Mac OS X 10.6 Update 12 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_39.
On systems that have not already installed Java for Mac OS X 10.6 update 9 or later, this update will configure web browsers to not automatically run Java applets. Java applets may be re-enabled by clicking the region labeled "Inactive plug-in" on a web page. If no applets have been run for an extended period of time, the Java web plug-in will deactivate.