Apple blocked Java 7 Update 11 by adding it to the banned list in XProtect – the second time in two weeks that Oracle’s code has been banned from running on Macs. This time Java is blocked through Apple’s XProtect anti-malware feature.
Java has come under fire as the means by which hackers have been able to gain control of computers. In April 2012 more than 600,000 Macs were reported to have been infected with a Flashback Trojan horse that was being installed on people’s computers with the help of Java exploits.
Then last August Macs were again at risk due to a flaw in Java. This time around, there was good news for Mac users: Thanks to changes Apple has made, most of us were safe from the threat.
Unwilling to leave its customers open to potential threats Apple has apparently decided it’s safer to block Java entirely, with Macs running OS X Snow Leopard and beyond being affected.
While for some blocking Java is unlikely to effect productivity, a number of businesses are reliant on Java. For example, the software many publishers use to upload PDFs to printers uses Java. Some enterprise users utilise Java and may experience a loss in revenue as their software ceases to work.
As one forum post on Apple’s Support Communities reads: “THIS IS A NIGHTMARE FOR ENTERPRISE JAVA USERS. Oracle EBusiness uses Java as a web application. For Apple to do this, and not even give a head’s up to their customers who utilise Macs for Enterprise, is horrendous customer service. A dialogue box that at least tells their users WHY Java has suddenly, in the middle of the day, quit working would be more helpful than the nonsense that happened today.”
Another writes: “There are government-run aviation-related websites people use to gather critical information and that still use Java.”
For those who are missing Java, the fact that no actual exploit has been identified is frustrating.
However, on January 10, when a Java vulnerability was being exploited, Apple reacted by blocking Java 7 until Oracle issued Java 7 Update 11 as a fix to the zero-day security flaw on January 14.
That threat was so serious that the US Computer Emergency Readiness Team, part of the US Department of Homeland Security, urged users to disable Java in their web browsers.
Also, it’s not only Apple who is blocking Java. Mozilla also blocked Java by default in Firefox.
Apple has already stopped bundling Java with OS X by default.
As far as we can tell, XProtect will continue to block Java on Macs until Oracle releases an update.