Apple's latest Safari updates add site-by-site Java plugin controls

Apple's latest Safari updates add site-by-site Java plugin controls

Summary: Apple has added more granular control for Java in Safari.

SHARE:
TOPICS: Security, Apple
0

Apple has added new tools in Safari 5 and 6 that allow users to control which sites the Java plugin is enabled for.

The security tools came with the latest tweaks to Java SE 6, which Oracle stopped supporting in February but which Apple still provides updates for, and Java SE 7, which is still maintained by Oracle.

The more granular controls will help tackle the persistent security risks posed by the Java browser plugin, which attackers have exploited to silently install malware on a target system by, for example, embedding malicious Java applets on websites.

The features were enabled this week in updates bringing Safari to version 6.0.4 for Mountain Lion and Lion, and Safari to version 5.1.9 for Snow Leopard.

The new Java plugin controls in Safari are accessible through Preferences --> Security, where users can click on the 'manage website settings' button.

2013-04-18 11.23.19 am

Sites that contain an embedded Java applet should appear in a dialogue box when a user tries to visit them. Users can then choose to set preferences for the site in Safari, including 'Ask Before Using', 'Block Always', 'Allow' or 'Always Allow', Mac security firm Intego notes.

Apple explains at the bottom of the dialogue box that "Websites set to 'Allow' can run Java applets as long as the installed version of Java has no known critical security issues".

It's unclear how that functions, however Apple has previously used its inbuilt and largely hidden anti-malware system XProtect to block versions of Java with known security issues

Separately, Oracle released its scheduled April patch update for Java SE on Tuesday, which contained 42 new critical security fixes, including 39 that could be exploited remotely without authentication. The next update is set for 18 June 2013.

Topics: Security, Apple

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion