New Java 7 Exploit Can Be Dangerous

The attack vulnerability is in Java 1.7 which most Mac Users are not using because you’d need to update to 1.7 manually.

Apple stopped bundling Java in 2011 when Lion was released. For users on Lion and Mountain Lion, who have Java installed, the operating system asks them if they would like Java to run. The situation is more so dangerous for Snow Leopard and Leopard users, because they do not have the same safety restrictions.

Best course of action is to uninstall Java and stay away from websites that look suspicious.

Check Which Version of Java is Installed

There are two ways to determine which version of Java is installed.

Check Version of Java Installed Using Java Preferences

  • Open the Applications folder and then open Utilities
  • Double-click on “Java Preferences”
  • Find the Java version under Name and Version, ie: Java SE 6

If you don’t have Java Preferences installed, that means you don’t have Java installed so you are safe. If you see “Java SE 6″ you are ok.

Check Version of Java Installed Using Terminal

  • Launch Terminal, found in /Applications/Utilities/
  • Type the following command exactly

java -version

Disable Java System-Wide

  • Open “Java Preferences” from /Applications/Utilities/
  • Uncheck “Enable applet plug-in and Web Start applications”
  • Uncheck “ON” next to Java SE

Disable Java Per Web Browser

Disable Java in Safari

  • Pull down the Safari menu and select “Preferences”
  • Click the “Security” tab and uncheck the box next to “Enable Java”

Disable Java in Chrome

  • Type “chrome://plugins/” into the URL bar, locate Java and click disable

Disable Java in Firefox

  • Open Firefox Preferences and under the “General” tab click “Manage Add-ons…”
  • Select “Plugins” and find Java (and/or Java Applet), click the Disable button

To sum up:

  • Java SE 7 (1.7) is unsafe
  • Java SE 6 (1.6) or lower is safe

Update 8/30/12: 

Oracle has released a security patch for the recent Java 7 exploit. You can download the new SE 7u7 update directly from Oracle:

Java SE 7u7 Update Via Oracle

It should be safe to re-enable Java.

Tagged with: , ,
Posted in Macintosh

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Enter your email address to follow this site and receive notifications of new posts by email.

Join 197 other subscribers
wordpress com stats plugin
%d bloggers like this: