Apple Says No Java For You In Mac Browser
Apple has a way of aggressively simplifying life for its users. This time, it’s vastly cutting down on their Java habit.
After a string of security vulnerabilities in Oracle’s ubiquitous program, Apple’s latest Java update, released on Tuesday, strips the program out of users’ browsers on Mac OS X. Apple’s tersely worded advisory on the decision explains that if users need Java to run content on a web page, they’ll be prompted to download the plug-in. In addition to nixing the Java applet in browsers, Apple’s update also fixes 20 bugs in Oracle’s program.
Although Apple hasn’t explained its move to cut out Java from Mac users’ browsers, it’s likely that Cupertino has had enough of the program’s endless string of bugs that have allowed malware-infected websites to download malicious programs to users’ machines. Beginning in late August, for instance, hackers exploited a vulnerability in Java to install nasty programs like the Poison Ivy trojan to PCs. When Oracle patched the flaw–four months after it was reported to the company by external researchers–it was soon discovered that the patch itself had an exploitable vulnerability that would allow its security measures to be bypassed. And before that bug could be patched, another critical security flaw in the program appeared.
A vulnerability in Java was also the culprit that allowed the malware known as Flashback to infect more than 600,000 Apple users in an unprecedented Mac botnet, although in that case it was Apple whose delay in implementing Oracle’s security fix led to the attack.
In the wake of Flashback, Apple’s update to Java disabled the browser plug-in for any users who hadn’t recently used it, and set the program to be disabled again after certain periods of disuse. Apple had also already removed Java in its latest versions of Mac OS X. Now it’s going further in its Java purge by actively disabling the plug-in for all users.
For Windows users, too, Apple’s move should serve as a reminder that Java poses security risks that may outweigh its usefulness in browsing the Web. Blogger Brian Krebs has assembled a helpful guide to uninstalling the program here.
And for Oracle, Apple’s Java boycott should serve as a wake-up call: Get serious about maintaining Java’s security, or watch one of its most widespread programs go extinct.