Latest Mac OS X patch for Java removes browser applet support

Following the recent press attention various security vulnerabilities in Java’s browser applet plugin have had in recent weeks (here and here), the latest Java patch from Apple removes the applet plugin from your browsers:

This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled “Missing plug-in” to go download the latest version of the Java applet plug-in from Oracle.

Since Oracle now maintain the official version of Java for Mac OS X, this is a smart move for Apple to remove the older/prior versions that end users may have of the applet plugin that shipped with older JREs previously supplied by Apple.

More details here.

Shields Up! Disable your browser’s Java plugin until Oracle releases security patches

It pains me as a Java developer to recommend to anyone to disable their Java support in their browsers, but given the recently discovered Java vulnerability that can be exploited by a Java applet running in a browser to do ‘bad things’ to your machine, until this gets patched, it’s worth to disable your Java plugins until it gets patched.

According to some sources, Oracle has known about these vulnerabilities since April, but still has not patched them. Since sites have started showing up that have applets exploiting this vulnerability, it’s worth to play it safe and batten down the hatches, and disabled Java support in your browsers.

Oracle releases security patches for Java every 4 months, the next one is due in October. Until this gets patched, best to play it safe.

To disable the Java plugin on Chrome on Mac OS X:

  • Go to Chrome / Preferences, click on Show Advanced Settings
  • In the Privacy section, click the Content Settings button
  • Scroll down to Plugins, click ‘Disable individual plugins’
  • Scroll down to find the Java plugin, click disable

To disable the Java plugin in Safari on Mac OS X:

  • Go to Safari / Preferences, click the Security icon
  • In the web content section, uncheck ‘Enable Java’

To disable the Java plugin in Firefox on Mac OS X:

  • Go to Firefox / Preferences, click the General icon
  • Click the Manage Add-ons button
  • In the Addons Manager window, click Plugins on the left
  • Scroll down to find Java Applet plugin, click the Disable button