Apple released a small Java update for OS X users this Wednesday. The update effectively removed the Java applet plug-in that typically comes pre-installed in all web browsers on the Mac. Why? Well, Apple has been trying to distance itself from Java for quite some time, mainly due to the fact that most malware spreads via Java vulnerabilities.
Take the recent Flashback trojan, for example. Millions of Macs were comprised because hackers were able to exploit a security vulnerability in Java on the browser. You could visit a bad site with a corrupt Java applet and get infected. After this week’s update, Java is no longer included in browsers like Safari.
If you absolutely need Java for a certain website, then Apple allows you to download it directly from Oracle. It’s a good tradeoff because Apple gets to distant itself from the dangerous platform while also leaving room for “power” users to install Java anyway.
This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled “Missing plug-in” to go download the latest version of the Java applet plug-in from Oracle.
Please quit any web browsers and Java applications before installing this update.
Check for updates in the Mac App Store to grab this one if you haven’t already. By cutting ties with Java, we hopefully won’t see something like Flashback again.
Via: Ars Technica