Pulling the plug

Apple disable Java plug-in on OS X

Elliot Bentley
security.11

In the wake of rampant unpatched exploits, Apple push a security update to deactivate Java plugin by default.

In a
security update released yesterday, Apple have disabled the Java
browser plug-in on OS X. This comes in the wake of several
Java-based
zero-day exploits
, as well as
accusations
that Oracle are failing to patch vulnerabilities
quickly. Many publications urged readers to uninstall Java in order
to protect themselves, a storm of bad PR which appears to be
continuing unabated.

Apple has offered no official statement regarding the removal of
the Java plug-in.
However, it is worth noting that this update does not remove Java
altogether from the system, and that applications that rely on
Java, such as OpenOffice, Vuze and Photoshop, will be
unaffected.

With client-side Java rapidly disappearing in favour of HTML5, this
shouldn’t affect too many developers, and users can still
re-install the plugin if they really need to. Still, this
apparently
leaves two versions of Java, SE 7 and SE 6 running
side-by-side. And it’s
embarrassing
that Java is now considered so insecure that, as a
safety precaution, OS X users are by default not allowed to use it.
It seems Java’s future on the desktop is looking increasingly
bleak.

Author
Comments
comments powered by Disqus