Apple updates Java for Mac

Apple updates Java for Mac

Summary: Cupertino recently updated a security component for OS X. However, company's recommended best practice is still to disable Java in Safari.


In a recent Support Note, Apple said that update addresses a recently-identified vulnerability with the Java web plug-in. For those systems with OS X Lion and Mountain Lion, Apple suggests that customers make sure that they are running the latest version of Java 7, and then update Java through the Java Control Panel app.

According to Intego's Mac Security Blog, the update modifies the XProtect component of OS X, aka File Quarantine, to block outdated versions of the Java browser plug-in — in other words, those vulnerable to the vulnerability.

The minimum required version of Apple’s Java plug-in for Snow Leopard is now 13.9.7 (Java 6 Update 51), up from 13.9.5 (Java 6 Update 45). Apple provides its own version of Java for Snow Leopard and has continued to release security updates for it.

On Lion and Mountain Lion, the minimum version of Apple’s Java plug-in has increased from 14.7.0 (which corresponds with Oracle’s Java 7 Update 21) to 14.8.0 (which corresponds with Java 7 Update 25). Beginning with Lion, Apple no longer bundles Java with OS X; it is now a third-party offering available from Oracle.

Apple's best practice continues to suggest that customers enable Java when necessary.

Enable Java in your web browser only when you need to run a Java web app.

Confine your web browser only to the websites that need the Java web app. Do not open any other websites while the Java web plug-in is enabled.

When you are done, disable the Java web plug-in.

Topics: Apple, Browser, Operating Systems, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Why so complicated?

    Enable Java, disable Java. Why isn't it best practice to enable Java on sites that I really trust and disable on everything else?
  • Why so complicated?

    Enable Java, disable Java. Why isn't it best practice to enable Java on sites that I really trust and disable on everything else?
  • Apple has a delusional approach to Java

    Did they create a UI button to perform these actions? Did they create a visual indicator signaling the need for Java? How about a Security Zone for Java... Sites in the Zone have Java enabled the rest do not. What's this stuff with 4 releases back... Get into the real world Apple, the world of alternate Apple-reality doesn't play.
    • What is this drivel about?

      Apple has an approach to Java that easily beats any other approach i know of, other than uninstalling it. Java will not run on a Mac - in any browser or fashion at all - unless it is the very latest release. That is what xprotect in the article refers to.

      If xprotect detects you are running ANYTHING other than the latest, then you simply cannot run Java. In ANY browser. This is far more secure than the internet Explorer-only protections you allude to.
      • Yes but...

        Given the nasty habit of Sun (now inherited by Oracle) of breaking things with every new release of Java, I'd love to have the ability of not forcefully having to use the most recent version.
        • Breaking things?

          Please send me specific links to where/when Oracle broke something when upgrading Java.
          Thanks in advance.
  • Apple Java for Mac OS X 10.6 Update 17?

    Well, if there's an Update 17 for Apple Java for Mac OS X 10.6, Software doesn't know about it yet. Running the Java Preferences utilily shows that the most recent version of Java installed on my Mac Pro in Snow Leopard (10.6.8) is Java SE6 v1.6.0_51-b11-456 (both 32-bit and 64-bit versions are available), which was installed with Update 16.

    As recommended by Apple's best practices, I keep Java turned off unless I need it. I'm not sure why some folks seem convinced that it's "complicated" to enable Java when it's needed and disable it when it's not needed. The procedure in OS X 10.6.8 is:

    1. Open the Java Preferences utility.
    2. Check the "On" checkbox to enable Java.
    3. Run whatever Java app you need to run.
    4. Uncheck the "On" checkbox to disable Java.

    Seems pretty straightforward to me.
    • What Update

      It appears there's no update for 10.8.4 either. On the Oracle site, the latest version is update 25 which I installed a few months ago.