Posted by: David Harley | February 20, 2013

Apple sails away from Java (plug-ins)

[Update: you may find Lysa Myers’ article speculative article What We Know About Apple’s Malware Breach of interest. Well, I did.]

John Leyden reports in The Register that: Apple FINALLY fills gaping Java hole that pwned its own devs

Apple has belatedly patched a security hole in the Java engine it ships with Mac OS X – the very hole exploited by hackers to infect Apple’s own developers, their counterparts at Facebook and scores of other Mac-using companies.

Paul Ducklin remarks for Sophos that:

It’s telling, perhaps, that Apple, with this most recent update, seems to have washed its hands permanently of browser-based Java.

The update is for OS X 10.7 or later (10.6 has already been updated). Apple says:

This update uninstalls the Apple-provided Java applet plug-in from all web browsers….[and]….also removes the Java Preferences application, which is no longer required to configure applet settings.

David Harley CITP FBCS CISSP
Mac Virus/Small Blue-Green World/Anti-Malware Testing
ESET Senior Research Fellow

Advertisements

Responses

  1. Reblogged this on Khürt/blog (WordPress.com).


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: