Apple removed Java from their Mac OS X browsers
In the latest update to the Mac OS X removed the Apple-provided Java plug-in from all their web browsers.
“Cupertino’s coders not only bumped up their Java version to Oracle’s latest release of Java SE 6 (1.6.0_37), but also ripped out the browser plugin component entirely,” according to Sophos’ Paul Ducklin. “So, after you apply the latest OS X Java update — which you only need if you have already chosen to install Java — you will no longer be able to run applets in your browser.”
“The steps taken seem designed to ensure that any user who does need Java on Mac OS X in the browser will run not only Oracle’s applet but also their latest Java 7 runtime,” The H Security wrote. “Older versions of both Apple and Oracle’s Java runtime were vulnerable to 30 holes, with 29 of them being listed as remotely exploitable without authentication.”
“Over the past five years or so, Java has emerged as one of the most widely exploited software packages,” said Ars Technica’s Dan Goodin. “This is due to its wide availability on computers running Windows, OS X, and Linux and because of the ease hackers have in exploiting vulnerabilities.”
“In April more than 600,000 Macs were reported to have been infected with a Flashback Trojan horse that was being installed on people’s computers with the help of Java exploits,” writes Macworld’s Karen Haslam. “Then in August Macs were again at risk due to a flaw in Java … this time around, there was good news for Mac users: Thanks to changes Apple has made, most of us were safe from the threat.”