Apple Kicks Java Out of Browsers in OS X Update
The Apple Store on Broadway in Manhattan's Upper West Side.
An Apple update released yesterday (Oct. 17) removes the Java browser plug-in in all Mac-compatible browsers. The move puts even more daylight between Apple and Oracle, as the latter struggles with security flaws and the former seeks to eliminate its dependence on crucial software updates from third parties.
Apple's update came one day after Oracle issued its own Java patch. That's a much better turnaround time than earlier this year when Oracle issued a patch in February 2012 that Apple didn't push out until April.
Users who update will need to reinstall Oracle's version of Java if they wish to run Java applets in their browser. But for the majority of Internet users, the update will go unnoticed.
In fact, many security experts and blogs suggest that users who don't use Java on a regular basis disable it in their browsers or uninstall it altogether. This mitigates the risk of infection from malicious applets that seek to infect, harm or control victims' machines.
Apple chose to stop preloading Java onto computers with the release of Mac OS X Lion in July 2011. More recently, it pushed out a security update that automatically turns Java off if it hasn't been used recently, tech news site Ars Technica reported.
In August, Java was blasted as an unsafe plug-in that should only be used when absolutely necessary after a zero-day exploit was discovered, rolled into the user-friendly Blackhole exploit kit and used for nearly a week before Oracle issued a patch. That patch, however, also proved to be full of security bugs.
Follow Ben on Twitter @benkwx.