CNBC Business channel just had a Breaking News report on a fix Apple has provided to check your computer and find out whether there has been any malicious activity through Java. But my Software Update doesn't have anything and I can't find anything about it on the Apple Support site. Has anybody gotten the fix? How do you access it? Thanks!
They're calling what Apple has devised a "malware removal tool." The reporting says that it only affects people who went to, I think they called it, "a devloper site," but they're not saying what site. I visited the Java developer site because a new project with my work apparently required I install Java.
Thanks for the reply, Klaus, I take it you're just speaking from past experience and have no specific knowledge about this particular issue?
If anybody does have specific knowledge about this particular issue, please let us know. Thanks!
While we await a formal announcement from Apple, and that may not be forthcoming as they often simply issue a security update via Software Update, us mere mortals can only go by news reports like the one you saw, and this one:
Apple barred Java from running on Macs, leaving companies that rely on Java plug-ins out in the cold.
Apple blocked Java 7 Update 11 by adding it to the banned list in XProtect.
This was the second time in two weeks that Apple has blocked Oracle's code from running on Macs. This time Java is blocked through Apple's XProtect anti-malware feature.
Java has come under fire as the means by which hackers have been able to gain control of computers. In April 2012 more than 600,000 Macs were reported to have been infected with a Flashback Trojan horse that was being installed on people's computers with the help of Java exploits. Then in August Macs were again at risk due to a flaw in Java, this time around, there was good news for Mac users: Thanks to changes Apple has made, most of us were safe from the threat.
Unwilling to leave its customers open to potential threats Apple decided it's safer to block Java entirely.
Macs running OS X Snow Leopard and beyond are affected.
UPDATE for those running Lion or Mountain Lion:
Oracle on Friday February 1 released a new version reportedly addressing vulnerabilities seen with the last build.
Apple disabled Java 7 through the OS X XProtect anti-malware system, requiring users to have at least version "1.7.0_10-b19" installed on their Macs. The release dated February 1 carries the designation "1.7.0_13-b20," meeting Apple's requirements.
Oracle "strongly recommends" applying the CPU fixes as soon as possible, saying that the latest Critical Patch Update contains 50 new security fixes across all Jave SE products.
Update for Snow Leopard users:
Apple have issued update 12 for Java for OS 10.6:
Note: On systems that have not already installed Java for Mac OS X 10.6 update 9 or later, this update will configure web browsers to not automatically run Java applets. Java applets may be re-enabled by clicking the region labeled "Inactive plug-in" on a web page. If no applets have been run for an extended period of time, the Java web plug-in will deactivate.
None of the above refers to the current 'security scare'.
Jordan T wrote:
CNBC Business channel just had a Breaking News report on a fix Apple has provided to check your computer and find out whether there has been any malicious activity through Java. But my Software Update doesn't have anything and I can't find anything about it on the Apple Support site.
If you are actually still running OS X 10.5.8 as indicated in your profile, there is no fix for you and I feel confident there never will be.
You must upgrade your OS to at least 10.6.8 (preferably further if you are able) before you will be able to get your "Java fix."
my Software Update doesn't have anything and I can't find anything about it on the Apple Support site. Has anybody gotten the fix? How do you access it?
As MadMacs0 has already pointed out, if you're running 10.5.8, there is no fix. Your machine has a vulnerable version of Java, and will continue to until you get a newer system. If you turn off Java in your web browser, that should make you safe from these Java exploits, but you would be better off to upgrade to a newer system.
If your profile is outdated and you are running 10.7 or 10.8, then you may not have Java installed at all, in which case the update will not show up.
Note that the "malware removal tool" is not really a standalone tool that you can run manually. The tool is a part of the update, and you'll never even know the tool was there unless you are infected when the update is installed... in which case, you will see an alert saying that the malware was removed.