Previous 1 2 Next 25 Replies Latest reply: Feb 21, 2013 2:19 PM by MadMacs0
Jordan T Level 1 (5 points)

CNBC Business channel just had a Breaking News report on a fix Apple has provided to check your computer and find out whether there has been any malicious activity through Java.  But my Software Update doesn't have anything and I can't find anything about it on the Apple Support site.  Has anybody gotten the fix?  How do you access it?  Thanks!


iMac (24-inch Early 2008), Mac OS X (10.5.8), 2.8 GHz Intel Core 2 Duo
  • Klaus1 Level 8 (47,782 points)

    When/if Apple publishes it, it will be available through Software Update - if relevant to your version of OS X.

  • Jordan T Level 1 (5 points)

    They're calling what Apple has devised a "malware removal tool."  The reporting says that it only affects people who went to, I think they called it, "a devloper site," but they're not saying what site.  I visited the Java developer site because a new project with my work apparently required I install Java.

     

    Thanks for the reply, Klaus, I take it you're just speaking from past experience and have no specific knowledge about this particular issue?

     

    If anybody does have specific knowledge about this particular issue, please let us know.  Thanks!

  • Klaus1 Level 8 (47,782 points)

    While we await a formal announcement from Apple, and that may not be forthcoming as they often simply issue a security update via Software Update, us mere mortals can only go by news reports like the one you saw, and this one:

     

    http://www.bbc.co.uk/news/technology-21510791

     

    Java has long been, and remains, a security risk, and for most users it is wise to switch it off (not to be confused with the unrelated Javascript which can be left on), as previous experience has shown:

     

     

     

    Apple barred Java from running on Macs, leaving companies that rely on Java plug-ins out in the cold.

    Apple blocked Java 7 Update 11 by adding it to the banned list in XProtect.

    This was the second time in two weeks that Apple has blocked Oracle's code from running on Macs. This time Java is blocked through Apple's XProtect anti-malware feature.

    Java has come under fire as the means by which hackers have been able to gain control of computers. In April 2012 more than 600,000 Macs were reported to have been infected with a Flashback Trojan horse that was being installed on people's computers with the help of Java exploits. Then in August Macs were again at risk due to a flaw in Java, this time around, there was good news for Mac users: Thanks to changes Apple has made, most of us were safe from the threat.

     

    Unwilling to leave its customers open to potential threats Apple decided it's safer to block Java entirely.

    Macs running OS X Snow Leopard and beyond are affected.

     

    UPDATE for those running Lion or Mountain Lion:

    Oracle on Friday February 1 released a new version reportedly addressing vulnerabilities seen with the last build.

    Apple disabled Java 7 through the OS X XProtect anti-malware system, requiring users to have at least version "1.7.0_10-b19" installed on their Macs. The release dated February 1 carries the designation "1.7.0_13-b20," meeting Apple's requirements.

     

    Oracle "strongly recommends" applying the CPU fixes as soon as possible, saying that the latest Critical Patch Update contains 50 new security fixes across all Jave SE products.

     

    Update for Snow Leopard users:

     

    Apple have issued update 12 for Java for OS 10.6:

     

    http://support.apple.com/kb/DL1573

     

    Note:  On systems that have not already installed Java for Mac OS X 10.6 update 9 or later, this update will configure web browsers to not automatically run Java applets. Java applets may be re-enabled by clicking the region labeled "Inactive plug-in" on a web page. If no applets have been run for an extended period of time, the Java web plug-in will deactivate.

     

    None of the above refers to the current 'security scare'.

  • Klaus1 Level 8 (47,782 points)

    UPDATE

     

    Apple have today issued this security update regarding java:

     

    http://support.apple.com/kb/HT5666

  • babowa Level 7 (29,970 points)

    As Klaus1 said: when it is available, Apple will let you know through software update. Apple generally does not announce fixes in advance; it is also not advised to download something that may not be specifically for your configuration and could cause more harm than good.

  • Frank Caggiano Level 7 (25,722 points)

    Just ran Software Update and the Java update is  available.

  • WZZZ Level 6 (12,875 points)

    Update or not, I wouldn't run Java anywhere, forever.

  • babowa Level 7 (29,970 points)

    No Java available for me - thank goodness! (Obviously because I don't have it installed in the first place).

     

    Ahh, I just realized: it's for Mac OS 10.6 apparently....... (I'm on ML).

  • DarrylR Level 1 (10 points)

    I never installed the Java 7 on my MacAir and removed Java permanently.

  • angus cooney, angus cooney Level 1 (10 points)

    Hit APPLE " top left"

    OPEN SYSTEM PREFERENCES

     

    CLICK ON JAVA button  "bottom"

     

    General Tab

    CLICK ON

    Blue "See security tab"

     

    UN - TICK the box.

     

    This will stop the variability in java browsers that is being exploited

    until java fixes there product.

  • MadMacs0 Level 5 (4,722 points)

    Jordan T wrote:

     

    CNBC Business channel just had a Breaking News report on a fix Apple has provided to check your computer and find out whether there has been any malicious activity through Java.  But my Software Update doesn't have anything and I can't find anything about it on the Apple Support site.

    If you are actually still running OS X 10.5.8 as indicated in your profile, there is no fix for you and I feel confident there never will be.

     

    You must upgrade your OS to at least 10.6.8 (preferably further if you are able) before you will be able to get your "Java fix."

  • thomas_r. Level 7 (30,749 points)

    my Software Update doesn't have anything and I can't find anything about it on the Apple Support site.  Has anybody gotten the fix?  How do you access it?

     

    As MadMacs0 has already pointed out, if you're running 10.5.8, there is no fix. Your machine has a vulnerable version of Java, and will continue to until you get a newer system. If you turn off Java in your web browser, that should make you safe from these Java exploits, but you would be better off to upgrade to a newer system.

     

    If your profile is outdated and you are running 10.7 or 10.8, then you may not have Java installed at all, in which case the update will not show up.

     

    Note that the "malware removal tool" is not really a standalone tool that you can run manually. The tool is a part of the update, and you'll never even know the tool was there unless you are infected when the update is installed... in which case, you will see an alert saying that the malware was removed.

  • baltwo Level 9 (62,215 points)

    WZZZ wrote:

    Update or not, I wouldn't run Java anywhere, forever.

    What a luddite. I've run in all three OSs without any issues.

  • baltwo Level 9 (62,215 points)

    Java's installed in ML, just not the Java Runtime Environment component. I'd update to the latest, then just disable it via the Java prerfPane.

Previous 1 2 Next