Mac Security: XProtect Update Obviates Java Exploit [u]

14 January 2013

There's a serious Java vulnerability that could indeed affect Mac security. But Apple's XProtect is already on the job, obviating the immediate threat…

There’s a serious Java vulnerability that could indeed affect Mac security. The feds advise disabling Java because the vulnerability is being actively exploited in the wild and upwards of 850 million computers are vulnerable. Meanwhile, Oracle is promising that a fix will be released in short order.

In the here and now, the Department of Homeland Security (DHS), the people that put on security theater at the airport, has issued an alert stating that anyone with Java installed should disable it. Moreover, the security issue affects Java 4 through Java 7, says the National Vulnerability Database.

“We are currently unaware of a practical solution to this problem,” said the DHS’ Computer Emergency Readiness Team (CERT). “This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available.”

DHS, unaware? Say it isn’t so. But fear not, intrepid Mac users, because Apple in its infinite wisdom has done something brilliant — updated OS X’s integrated security app, XProtect, to prevent anything but Java 1.7.0_10-b19, which hasn’t been released yet, from running automatically.

So, when Oracle gets its act together, XProtect will again allow Java to automatically run when needed.

[u] Oracle has issued a fix that’s available from Oracle, though it hasn’t yet appeared in the Mac App Store.

Further, assuming that you have Java installed on your Mac and haven’t used it in the last 90 days, OS X already automatically disabled it.

Mac Security: Trust with Verification

To check that your Mac has received the XProtect update, which Apple delivered via a background push update on Thursday, January 10, get Adam Christenson’s Safe Download Version (image above).
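The minimum-version gate described above can also be checked by reading XProtect's metadata directly. This is an added example, not code from the original post or from Apple: it assumes the metadata is a property list with a `PlugInBlacklist` dictionary whose entries carry a `MinimumPlugInBundleVersion` string, and that Java 1.7.0_10-b19 corresponds to plug-in bundle version 1.7.10.19. The embedded plist is constructed sample data.

```python
import plistlib
import sys

JAVA_PLUGIN_ID = "com.oracle.java.JavaAppletPlugin"

# Constructed sample in the assumed XProtect metadata layout (not Apple's file).
SAMPLE_META = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PlugInBlacklist</key><dict>
    <key>10</key><dict>
      <key>com.oracle.java.JavaAppletPlugin</key><dict>
        <key>MinimumPlugInBundleVersion</key><string>1.7.10.19</string>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

def version_tuple(version, width=4):
    """Turn '1.7.10.19' into (1, 7, 10, 19), zero-padded for comparison."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def minimum_versions(meta_bytes):
    """Map each plug-in bundle ID to the highest minimum version required."""
    meta = plistlib.loads(meta_bytes)
    found = {}
    for group in meta.get("PlugInBlacklist", {}).values():
        for bundle_id, rule in group.items():
            minimum = rule.get("MinimumPlugInBundleVersion")
            if minimum is None:
                continue
            current = found.get(bundle_id)
            if current is None or version_tuple(minimum) > version_tuple(current):
                found[bundle_id] = minimum
    return found

def is_blocked(meta_bytes, bundle_id, installed_version):
    """True when the installed plug-in is older than the required minimum."""
    minimum = minimum_versions(meta_bytes).get(bundle_id)
    if minimum is None:
        return False  # no rule for this plug-in
    return version_tuple(installed_version) < version_tuple(minimum)

if __name__ == "__main__":
    # Optional argument: path to a real metadata plist; otherwise use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_META
    for bundle_id, minimum in minimum_versions(data).items():
        print(f"{bundle_id}: blocked below {minimum}")
```

A minimum of 1.7.10.19 or higher for the Java plug-in would indicate that the update described here has been received.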

So, Apple’s XProtect, which is part of OS X 10.6.x, 10.7 and 10.8, obviates this new Java security issue automatically as long as you’re connected to the internet. The Macintosh, it just works…

What’s your take?

via CERT, MacRumors
