Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Network Security
24/7/365 Network Uptime!
Average Rating:
Rate this article:  
Apple Awards Java a Circle-with-Slash Due to Security Issues
Apple Awards Java a Circle-with-Slash Due to Security Issues

By Barry Levine
January 31, 2013 2:09PM

    Bookmark and Share
Java's security issues became much more visible when the Department of Homeland Security urgently recommended that users disable Java because of its vulnerabilities. Security researchers reported that several popular exploit kits -- packages of tools used by criminals to attack computers -- had been updated to exploit the newly discovered flaw.
 



Apple has updated its blocking of Java in its OS X operating system. The company did so a few days after the discovery that the latest version of the Java Web plug-in, which was intended to fix security issues, is itself vulnerable to attacks.

This move is the latest by the technology giant to shun Java, which has been cited by no less an authority than the U.S. Department of Homeland Security as being a security risk. Apple uses its XProtect mechanism for its Safari browser, which requires a particular version of Flash or Java plug-ins once an issue has been discovered with another version. The XProtect list defines which plug-in version is acceptable, and Apple can thus block others.

The XProtect list is being used in this case to block Java by indicating that it will only accept a version number that has not yet been released. This is how the company blocked the Java Web plug-in earlier in January, following the discovery by researchers of security flaws.

Chrome and Firefox

Oracle, which owns Java, had released a new version of the plug-in, JRE version 1.7.0_11-b21, to counter the issues from early January. But a vulnerability for the new version was reported. To counter that issue, Oracle set the plug-in so that users would have to approve running any unsigned or self-signed Java applets -- that is, ones that did not have certificates by trusted authorities. Applets with trusted credentials could run without any input from the user.

This past weekend, however, researchers discovered that a bug in Java's framework allowed attackers to bypass those security protections, thus enabling unsigned applets to run without user permission.

If Mac users require Java for any regular functionality, they can use Chrome or Firefox browsers. However, both Google and the Mozilla Foundation, which issue those browsers, have indicated that they are also considering blocking Java plug-ins.

A 'Mess'

Earlier this month, Java's security issues became much more visible when the Department of Homeland Security issued an urgent recommendation that users disable Java software because of security vulnerabilities. Security researchers reported that several popular exploit kits -- which are packages of tools used by criminals to attack computers -- had been updated to exploit the newly discovered flaw.

One security expert has described Java to news media as a "mess," and another has said the situation was "like open hunting season on consumers." Java is not needed in browsers for most activities, but it is used in some online activities, such as Citrix's widely used online collaboration software, GoToMeeting.

Oracle, which acquired Java when it bought Sun, has a page that describes how to disable Java for all browsers on Windows machines, or individually by browser on any platform. The instructions, "How do I disable Java in my web browser," are at http://www.java.com/en/download/help/disable_browser.xml.
 

Tell Us What You Think
Comment:

Name:



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Network Security
1.   Tor Working To Fix Security Exploit
2.   Wall Street Journal Hacked Again
3.   Dropbox for Business Boosts Security
4.   Hackers Breached StubHub Accounts
5.   Banks Hit by Android-Skirting Malware


advertisement
Tor Working To Fix Security Exploit
Bug reportedly reveals ID of users
Average Rating:
New Technology Defeats Privacy Efforts
Study identifies 3 browser techniques.
Average Rating:
Banks Hit by Android-Skirting Malware
34 institutions, four European countries
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Researchers Working To Fix Tor Security Exploit
Developers for the Tor privacy browser are scrambling to fix a bug revealed Monday that researchers say could allow hackers, or government surveillance agencies, to track users online.
 
Wall Street Journal Hacked Again
Hacked again. That’s the story at the Wall Street Journal this week as the newspaper reports that the computer systems housing some of its news graphics were breached. Customers not affected -- yet.
 
Dropbox for Business Beefs Up Security
Dropbox is upping its game for business users. The cloud-based storage and sharing company has rolled out new security, search and other features to boost its appeal for businesses.
 

Enterprise Hardware Spotlight
Watson Gets His First Customer Service Gig
Since appearing on Jeopardy, IBM's Watson supercomputer has been making a living using his super-intelligent knowledge base for business verticals. Now, Watson's been hired for his first customer service job.
 
Tablet Giants Apple and Samsung Feel the Heat
When a company saturates its home market with a once-hot product, expect it to pump up efforts elsewhere. Apple, for its part, is now pushing iPads to big corporations and the enterprise market.
 
Microsoft Makes Design Central to Its Future
Over the last four years, Microsoft has doubled the number of designers it employs, putting a priority on fashioning devices that work around people's lives -- and that are attractive and cool.
 

Mobile Technology Spotlight
Tablet Giants Apple and Samsung Feel the Heat
When a company saturates its home market with a once-hot product, expect it to pump up efforts elsewhere. Apple, for its part, is now pushing iPads to big corporations and the enterprise market.
 
Is the Amazon Fire Phone a Winner?
A late entry into a packed category of smartphones, Amazon's Fire phone offers a variety of unique features. Now, the reviewers are assessing if they're enough to make the phone stand out.
 
Review: Amazon Fire Offers New Ways To Use Phones
The Fire phone uses Android, but Amazon has modified it to the point that it's barely recognizable. That means the phone offers new ways to navigate, discover and, of course, shop.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.