Apple disables Java 7 OS X plug-in after security threat found

After the U.S. Department of Homeland Security warned of a vulnerability in Java 7 that could allow malicious software to be installed on users’ machines, Apple moved swiftly to shield OS X users who have downloaded Java 7. On Friday the company disabled the OS X plug-in for the latest version running on some Apple-made machines.

MacRumors reports on how Apple did it:

Apple has achieved this by updating its “Xprotect.plist” blacklist to require a minimum of an as-yet unreleased 1.7.0_10-b19 version of Java 7. With the current publicly-available version of Java 7 being 1.7.0_10-b18, all systems running Java 7 are failing to pass the check initiated through the anti-malware system built into OS X.

Apple stopped developing Java for OS X in late 2010 and no longer includes it as pre-installed software on new Macs. Users who want the plug-in can still download the software separately; only those who have Java 7 are affected by the security threat.

Image courtesy of Flickr user [spcbrass].


GigaOM