The Register® — Biting the hand that feeds IT


Apple blocks Java on the Mac over security concerns

Will no one rid us of this turbulent software?


It's been a rough couple of weeks for Java. Security issues are dogging the code, the latest fix may cause almost as many problems as it solves, and now Apple has decided to block Java completely.

French blog MacGeneration originally picked up the blockade, noticing that an update to Apple's XProtect now blocks all versions of Java on OS X 10.6 (aka Snow Leopard) and above, the second time in two weeks Apple has blocked Oracle's code.

Apple, along with browser manufacturers, started blocking Java when a major security hole was discovered in the code earlier in the month. Oracle downplayed its significance, but then was forced to admit that it had a problem and rushed out a code patch (with the obligatory offers to install crapware at the same time).

Now Apple has blocked it again, and other players are starting to make moves to get rid of Java as far as possible. On Tuesday, Mozilla announced it was ending the auto-loading of plug-ins for Firefox – while not actually mentioning Java by name – and Apple has already stopped bundling it with OS X by default.

Apple's block on Java

'No Java for you!', says Apple (source: MacGeneration)

The security status of Java has been under review for some time, with increasing numbers of people removing it as a precaution. Given Oracle's somewhat lackadaisical attitude towards patching its software, developers are increasingly looking for other options to avoid introducing weaknesses into their code.

But Apple's decision could spur the Java team to sort out their issues once and for all. Certainly if feedback from El Reg readers on our forums is any indication, the code is about as popular as an explosive piñata.

Both Oracle and Apple have felt unable to respond to a request for information on the issue. ®


Re: this raises a number of questions

"If Java ever had a purpose it's rapidly losing it."

Java's original purpose was to provide a provably secure sandbox for running untrusted applets. (If you have to trust the app, you might as well run native code.) It is debatable whether the implementation was ever good enough to realise that noble aim, but it certainly isn't today.

No matter. In order to achieve that, it had to provide safe equivalents to enough of the native API to be useful. Consequently, it acquired a secondary purpose of "write once run anywhere". This is now its sole purpose. Java is therefore an alternative to frameworks like Qt.

Given some effort, one presumably *could* resurrect the "provably secure" aspect and that would be of interest to a lot of people. Clearly, however, neither Sun nor Oracle could/can be bothered and as long as Oracle have a final veto on what one can call "Java", their lack of support makes "secure Java" impossible. The best possible outcome, therefore, is for Oracle to throw a hissy fit and discard Java altogether, only for it to be picked up by freetards who are actually willing to do justice to the original design.


Maybe I'm reading this wrong, but the screenshot seems to indicate that it's the Java Applet PlugIn that is being blocked, not Java itself.


Re: this raises a number of questions

"I would not be surprised if Java succumbed to death by a thousand cuts in the next 10 years."

IMO Java is the biggest con perpetrated upon the IT industry in decades. The language itself is less powerful and less flexible than C++ (not that C++ is a shining beacon of how a language should be designed, but I digress...) that it was supposed to replace, still generally runs slower and uses more memory than an equivalent C++ binary, requires the correct JVM to be installed before it'll work (write once run anywhere? Do me a favour!), and the JVM as we know is subject to security holes, not to mention bugs.

If Java ever had a purpose it's rapidly losing it. My personal opinion is C++ will regain ground on Unix server-side development along with Python, and for Windows C# will - if it hasn't already - kill Java stone dead in the years to come. Assuming MS can get its act together. As for the web, forget it, Java died there long ago. It might limp on for a few more years on Android until they realise the pointlessness of double compilation but even that will stop eventually.

