Feeds

Apple blocks Java on the Mac over security concerns

Will no one rid us of this turbulent software?

Combat fraud and increase customer satisfaction

It's been a rough couple of weeks for Java. Security issues are dogging the code, the latest fix may cause almost as many problems as it solves, and now Apple has decided to block Java completely.

French blog MacGeneration originally picked up the blockade, noticing that an update to Apple's XProtect now blocks all versions of Java on OS X 10.6 (aka Snow Leopard) and above, the second time in two weeks Apple has blocked Oracle's code.

Apple, along with browser manufacturers, started blocking Java when a major security hole was discovered in the code earlier in the month. Oracle downplayed its significance, but then was forced to admit that it had a problem and rushed out a code patch (with the obligatory offers to install crapware at the same time).

Now Apple has blocked it again, and other players are starting to make moves to get rid of Java as far as possible. On Tuesday, Mozilla announced it was ending the auto-loading of plug-ins for Firefox – while not actually mentioning Java by name – and Apple has already stopped bundling it with OS X by default.

Apple's block on Java

'No Java for you!', says Apple (source: MacGeneration)

The security status of Java has been under review for some time, with increasing numbers of people removing it as a precaution. Given Oracle's somewhat lackadaisical attitude towards patching its software, developers are increasingly looking for other options to avoid introducing weaknesses into their code.

But Apple's decision could spur the Java team to sort out their issues once and for all. Certainly if feedback from El Reg readers on our forums is any indication, the code is about as popular as an explosive piñata.

Both Oracle and Apple have felt unable to respond to a request for information on the issue. ®

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.