Simply Security - News, Views, and Opinions from Trend Micro

Apple disables Java for OS X

Posted on October 24th, 2012 in Current News by Simply Security

Security concerns have surrounded Oracle’s Java software for months, and many experts have advised users to remove Java from their devices if they do not regularly use it. Apple recently ensured its OS X users take this precaution by issuing an update that uninstalls the Java applet plug-in from all browsers working with the operating system.

Apple gave no reason for the announcement, which it delivered via its support site, but a number of commentators have speculated that the decision comes as a response to a well-documented string of Internet security threats exploiting Java bugs. Forbes noted several instances of recent malware problems tied to Java vulnerabilities, including a major one in August that Oracle was slow and ineffective in patching. Another incident in the spring enabled the Flashback malware to infect more than 600,000 Apple users in a Mac botnet.

Following the Flashback issue, Apple implemented a change that automatically disabled the Java browser plugin after a certain period of disuse. The company also stopped pre-installing Java in the latest versions of OS X, Forbes noted. This latest move disables the software for all Mac-compatible web browsers, replacing Java content with a placeholder that notifies users they are missing a plugin and offers a link to download the latest version of the software.

In order to run Java plugins within Mac OS X, users will have to install the official Java runtime from Oracle on their system, and they will have the responsibility to keep it updated themselves, Ars Technica noted.

While security advisors are fairly unanimous in the opinion that leaving Java installed increases the attack surface available to hackers looking to install malware, the total repudiation of the software is somewhat controversial, Ars Technica said. Many developers rely on Java’s wide accessibility for their livelihood, the site noted. The language is widely used online because it runs across a variety of browsers and operating systems, improving website compatibility.

Forbes warned that Apple’s move could harm Java implementation and cautioned Oracle to improve Java security maintenance if it wishes to keep the program in wide use. The publication also advised Windows users to take note of Apple’s decision and consider uninstalling the program as well.

“Apple’s move should serve as a reminder that Java poses security risks that may outweigh its usefulness in browsing the Web,” wrote Forbes’ Andy Greenberg.
