Newsletters
The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
Build Apps 5x Faster
For Half the Cost
Enterprise Cloud Computing

On Force.com
Viruses & Malware
24/7/365 Network Uptime!
Average Rating:
Rate this article:  
Apple Awards Java a Circle-with-Slash Due to Security Issues
Apple Awards Java a Circle-with-Slash Due to Security Issues

By Barry Levine
January 31, 2013 2:09PM

Bookmark and Share
Java's security issues became much more visible when the Department of Homeland Security urgently recommended that users disable Java because of its vulnerabilities. Security researchers reported that several popular exploit kits -- packages of tools used by criminals to attack computers -- had been updated to exploit the newly discovered flaw.
 


Apple has updated its blocking of Java in its OS X operating system. The company did so a few days after the discovery that the latest version of the Java Web plug-in, which was intended to fix security issues, is itself vulnerable to attacks.

This move is the latest by the technology giant to shun Java, which has been cited by no less an authority than the U.S. Department of Homeland Security as being a security risk. Apple uses its XProtect mechanism for its Safari browser, which requires a particular version of Flash or Java plug-ins once an issue has been discovered with another version. The XProtect list defines which plug-in version is acceptable, and Apple can thus block others.

The XProtect list is being used in this case to block Java by indicating that it will only accept a version number that has not yet been released. This is how the company blocked the Java Web plug-in earlier in January, following the discovery by researchers of security flaws.

Chrome and Firefox

Oracle, which owns Java, had released a new version of the plug-in, JRE version 1.7.0_11-b21, to counter the issues from early January. But a vulnerability for the new version was reported. To counter that issue, Oracle set the plug-in so that users would have to approve running any unsigned or self-signed Java applets -- that is, ones that did not have certificates by trusted authorities. Applets with trusted credentials could run without any input from the user.

This past weekend, however, researchers discovered that a bug in Java's framework allowed attackers to bypass those security protections, thus enabling unsigned applets to run without user permission.

If Mac users require Java for any regular functionality, they can use Chrome or Firefox browsers. However, both Google and the Mozilla Foundation, which issue those browsers, have indicated that they are also considering blocking Java plug-ins.

A 'Mess'

Earlier this month, Java's security issues became much more visible when the Department of Homeland Security issued an urgent recommendation that users disable Java software because of security vulnerabilities. Security researchers reported that several popular exploit kits -- which are packages of tools used by criminals to attack computers -- had been updated to exploit the newly discovered flaw.

One security expert has described Java to news media as a "mess," and another has said the situation was "like open hunting season on consumers." Java is not needed in browsers for most activities, but it is used in some online activities, such as Citrix's widely used online collaboration software, GoToMeeting.

Oracle, which acquired Java when it bought Sun, has a page that describes how to disable Java for all browsers on Windows machines, or individually by browser on any platform. The instructions, "How do I disable Java in my web browser," are at http://www.java.com/en/download/help/disable_browser.xml.
 

Tell Us What You Think
Comment:

Name:



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Viruses & Malware
1.   Big DDoS Attacks Hit Record in 2014
2.   Google Hacker Team to Hunt Bugs
3.   Russian Hacker's Charges Revealed
4.   Hackers Target Western Energy Firms
5.   Android SMS Worm on the Loose


advertisement
Android SMS Worm on the Loose
Malware lets bad actors cash in.
Average Rating:
Big DDoS Attacks Hit Record in 2014
Attackers often use NTP reflection.
Average Rating:
Hackers Target Western Energy Firms
Appears to be state-sponsored group.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Juniper DDoS Solution Aims at High-IQ Networks
In the face of more complex attacks, Juniper Networks is boosting its DDoS Secure solution to help companies mitigate the threats with more effective security intelligence throughout the network fabric.
 
Large-Volume DDoS Attacks Hit Record in 2014
The number of distributed denial-of-service (DDoS) attacks set a record in the first half of 2014, according to a report by Arbor Networks. The number of attacks over 20 GB/sec doubled.
 
U.N.: Nations Hide Rise in Private Digital Snooping
Governments on every continent are hiding an increasing reliance on private companies to snoop on citizens' digital lives, the U.N. human rights office says, with grave concerns about privacy.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.