The vulnerability is in Java 1.7, which most Mac users are not running because they would have had to update to 1.7 manually.
Apple stopped bundling Java in 2011 when Lion was released. For users on Lion and Mountain Lion who have Java installed, the operating system asks whether they would like Java to run. The situation is more dangerous for Snow Leopard and Leopard users, because they do not have the same safety restrictions.
The best course of action is to uninstall Java and stay away from websites that look suspicious.
Check Which Version of Java is Installed
There are two ways to determine which version of Java is installed.
Check Version of Java Installed Using Java Preferences
- Open the Applications folder and then open Utilities
- Double-click on “Java Preferences”
- Find the Java version under Name and Version, e.g. Java SE 6
If you don’t have Java Preferences installed, you don’t have Java installed, so you are safe. If you see “Java SE 6” you are OK.
Check Version of Java Installed Using Terminal
- Launch Terminal, found in /Applications/Utilities/
- Type the following command exactly:
java -version
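To interpret that output without reading it by eye, the following added example (not part of the original post) classifies the first line that `java -version` prints, using the rule from this page's summary and its 8/30/12 update. The function name `classify_java_version`, the result labels and the sample lines are assumptions made for the example.

```sh
#!/bin/sh
# Added example; function name and labels are assumptions, not vendor tooling.
#   1.6 or lower          -> not-affected
#   1.7 before update 7   -> vulnerable
#   1.7 update 7 or later -> patched (the SE 7u7 fix from the 8/30/12 update)
#   anything else         -> unknown (not covered by this page)
classify_java_version() {
    # Pull the quoted version string out of e.g.: java version "1.7.0_06"
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p')
    case "$ver" in
        1.[0-9]*) ;;                      # legacy 1.x numbering only
        *) echo unknown; return 0 ;;      # no Java, or a scheme not covered here
    esac

    minor=${ver#1.}                       # "7.0_06"
    minor=${minor%%.*}                    # "7"
    case "$minor" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac

    # Update number follows the underscore; a GA build has none (treated as 0).
    case "$ver" in
        *_*) update=${ver#*_}; update=${update%%[!0-9]*} ;;
        *)   update=0 ;;
    esac
    # Strip leading zeros so "08" and "09" compare as decimal numbers.
    update=$(printf '%s' "$update" | sed 's/^0*//')
    [ -n "$update" ] || update=0

    if [ "$minor" -le 6 ]; then
        echo not-affected
    elif [ "$minor" -eq 7 ] && [ "$update" -ge 7 ]; then
        echo patched
    elif [ "$minor" -eq 7 ]; then
        echo vulnerable
    else
        echo unknown
    fi
}

# Constructed sample lines, not captured from a real machine.
for line in 'java version "1.6.0_35"' 'java version "1.7.0_06"' \
            'java version "1.7.0_07"' 'No Java runtime present'; do
    printf '%-26s -> %s\n' "$line" "$(classify_java_version "$line")"
done
# On a real Mac: classify_java_version "$(java -version 2>&1 | head -n 1)"
```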
Disable Java System-Wide
- Open “Java Preferences” from /Applications/Utilities/
- Uncheck “Enable applet plug-in and Web Start applications”
- Uncheck “ON” next to Java SE
Disable Java Per Web Browser
Disable Java in Safari
- Pull down the Safari menu and select “Preferences”
- Click the “Security” tab and uncheck the box next to “Enable Java”
Disable Java in Chrome
- Type “chrome://plugins/” into the URL bar, locate Java and click disable
Disable Java in Firefox
- Open Firefox Preferences and under the “General” tab click “Manage Add-ons…”
- Select “Plugins” and find Java (and/or Java Applet), click the Disable button
To sum up:
- Java SE 7 (1.7) is unsafe
- Java SE 6 (1.6) or lower is safe
Update 8/30/12:
Oracle has released a security patch for the recent Java 7 exploit. You can download the new SE 7u7 update directly from Oracle:
It should be safe to re-enable Java.