Modernizing Authentication — What It Takes to Transform Secure Access
The latest update to Mac OS X uninstalls the Apple-provided Java plug-in from all Web browsers.
"Cupertino's coders not only bumped up their Java version to Oracle's latest release of Java SE 6 (1.6.0_37), but also ripped out the browser plugin component entirely," writes Sophos' Paul Ducklin. "So, after you apply the latest OS X Java update -- which you only need if you have already chosen to install Java -- you will no longer be able to run applets in your browser."
"The steps taken seem designed to ensure that any user who does need Java on Mac OS X in the browser will run not only Oracle's applet but also their latest Java 7 runtime," The H Security reports. "Older versions of both Apple and Oracle's Java runtime were vulnerable to 30 holes, with 29 of them being listed as remotely exploitable without authentication."
"Over the past five years or so, Java has emerged as one of the most widely exploited software packages," writes Ars Technica's Dan Goodin. "This is due to its wide availability on computers running Windows, OS X, and Linux and because of the ease hackers have in exploiting vulnerabilities."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"In April more than 600,000 Macs were reported to have been infected with a Flashback Trojan horse that was being installed on people's computers with the help of Java exploits," writes Macworld's Karen Haslam. "Then in August Macs were again at risk due to a flaw in Java ... this time around, there was good news for Mac users: Thanks to changes Apple has made, most of us were safe from the threat."