Apple updates Java for Mac

Summary:Cupertino recently updated a security component for OS X. However, company's recommended best practice is still to disable Java in Safari.

In a recent Support Note, Apple said that update addresses a recently-identified vulnerability with the Java web plug-in. For those systems with OS X Lion and Mountain Lion, Apple suggests that customers make sure that they are running the latest version of Java 7, and then update Java through the Java Control Panel app.

According to Intego's Mac Security Blog, the update modifies the XProtect component of OS X, aka File Quarantine, to block outdated versions of the Java browser plug-in — in other words, those vulnerable to the vulnerability.

The minimum required version of Apple’s Java plug-in for Snow Leopard is now 13.9.7 (Java 6 Update 51), up from 13.9.5 (Java 6 Update 45). Apple provides its own version of Java for Snow Leopard and has continued to release security updates for it.

On Lion and Mountain Lion, the minimum version of Apple’s Java plug-in has increased from 14.7.0 (which corresponds with Oracle’s Java 7 Update 21) to 14.8.0 (which corresponds with Java 7 Update 25). Beginning with Lion, Apple no longer bundles Java with OS X; it is now a third-party offering available from Oracle.

Apple's best practice continues to suggest that customers enable Java when necessary.

Enable Java in your web browser only when you need to run a Java web app.

Confine your web browser only to the websites that need the Java web app. Do not open any other websites while the Java web plug-in is enabled.

When you are done, disable the Java web plug-in.

Topics: Apple, Enterprise Software, Security


David Morgenstern has covered the Mac market and other technology segments for 20 years. In the recent past, he founded Ziff-Davis' Storage Supersite, served as news editor for Ziff Davis Internet and held several executive editorial positions at eWEEK. In the 1990s, David was editor of Ziff Davis' award-winning MacWEEK news publication a... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.