Oracle Updates Java 7 to Address Security Vulnerability
On Friday, we noted that Apple had taken the rare step of using its anti-malware tools in OS X to disable existing installations of the Java 7 browser plug-in due to a major security vulnerability that was being actively exploited in the wild. Apple's anti-malware system is capable of enforcing minimum version numbers for plug-ins such as Java and Flash, and Apple simply updated its blacklist information to require that machines be running a higher version of the Java 7 plug-in than was publicly available.
Oracle has now released Java 7 Update 11, and the release notes indicate that it does indeed address the vulnerability. The new release registers with a version string of 1.7.0_11-b21, satisfying Apple's requirement for a minimum version number of 1.7.0_10-b19.
In addition to the fix for the vulnerability, Java 7 Update 11 also sees a change in the default security level setting from "Medium" to "High". Under the new setting, users will be warned before the Java plug-in runs any unsigned application.
The default security level for Java applets and web start applications has been increased from "Medium" to "High". This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the "High" setting the user is always warned before any unsigned application is run to prevent silent exploitation.
Popular Stories
Apple changed the strategy for iOS 17 later in its development process to add several new features, suggesting that the update may be more significant than previously thought, Bloomberg's Mark Gurman reports.
In January, Gurman said that iOS 17 could be a less significant update than iPhone updates in previous years due to the company's intense focus on its long-awaited mixed-reality...
Following nearly six weeks of beta testing, iOS 16.4 is expected to be released to the public as soon as this week. The software update includes a handful of new features and changes for the iPhone 8 and newer. To install an iOS update, open the Settings app on the iPhone, tap General → Software Update, and follow the on-screen instructions.
Below, we have recapped eight new features and...
Some Apple employees are concerned about the usefulness and price point of the company's upcoming mixed-reality headset, The New York Times reports.
Apple headset concept by David Lewis and Marcus Kane Initial enthusiasm around the device at the company has apparently become skepticism, according to eight current and former Apple employees speaking to The New York Times. The change of tone...
Apple showcased its mixed-reality headset to the company's top 100 executives in the Steve Jobs Theater last week, according to Bloomberg's Mark Gurman.
In the latest edition of his "Power On" newsletter, Gurman explained that the "momentous gathering" is a "key milestone" ahead of the headset's public announcement planned for June. The event was intended to rally Apple's top members of...
We're still almost six months away from the official unveiling of the iPhone 15 lineup, but it seems like every day we're learning more about what to expect from the next-generation models. Notably, this week gave us our clearest look yet at what appear to be some changes for the volume and mute control hardware.
iOS 16.4 and associated releases are also right around the corner with some new ...
Apple today released iOS 16.4, the fourth major update to the iOS 16 operating system that initially came out last September. iOS 16.4 comes two months after the launch of iOS 16.3, an update that added Security Keys for Apple ID.
iOS 16.4 and iPadOS 16.4 can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. It can take a few minutes...
We saw a lot of great deals on Apple products and related accessories this week, including Samsung's iMac-like Smart Monitor M8 for $250 off, a 30 percent off spring sale at Anker, and the year's best prices on numerous AirPods models. All of these deals are still available to purchase right now, so we're recapping them and more below.
Note: MacRumors is an affiliate partner with some of these ...
This year, all iPhone 15 models will include Apple's Dynamic Island that unifies the pill and hole cutouts at the top of the display, but there will also be a material change to the feature that wasn't included in the iPhone 14 Pro models.
According to a new tweet by Apple industry analyst Ming-Chi Kuo, the proximity sensor on the iPhone 15 series will be integrated inside the Dynamic Island ...
Top Rated Comments
Like Windows, it's widely used. It's about making the most amount of damage to the most amount of users.
Unchecking a preference in Safari does not mean it is "disabled" on your entire system. Leave it unchecked if you want, but at least fix the problem (or get rid of it).
Why am I experiencing the below:
[LIST=1]
* I have Mountain Lion 10.8.2.
* There is no Java in my System Preferences.
* There is no Java app in my Utilities.
* Only references to Java I can find are in my CS6 Suite app folders, allowing custom javascripts.
* Yet when I uncheck "enable java" and "enable java-script" in Safari, there are some websites, like cloud based email services that won't work until I turn them on. When java is enabled via the browsers those sites work fine.
* Even when enabled the http://javatester.org/version.html website says I have a missing plug-in when checking via Safari or with Firefox.
* My Terminal says: java version "1.6.0_37" Java(TM) SE Runtime Environment (build 1.6.0_37-b06-434-11M3909) Java HotSpot(TM) 64-Bit Server VM (build 20.12-b01-434, mixed mode)
It appears that the Oracle "fix" installs the full version of Java, which I currently don't have or need.
WHAT SHOULD MY COURSE OF ACTION BE?
I dont have java in system preferences. I know I am running java as I am using Adobe CS6. I have disabled java in safari.
Am I still at risk, how should I update?