(Update x2): Apple blocks update to Java on suggestion from the U.S. Dept. of Homeland Security
“As noted by ZDNet, a major security vulnerability in Java 7 has been discovered, with the vulnerability currently being exploited in the wild by malicious parties,” Eric Slivka reports for MacRumors. “In response to threat, the U.S. Department of Homeland Security has recommended that users disable the Java 7 browser plug-in entirely until a patch is made available by Oracle.”
Thank you for reading this post, don't forget to subscribe!
“Apple has, however, apparently already moved quickly to address the issue, disabling the Java 7 plug-in on Macs where it is already installed,” Slivka reports. “Apple has achieved this by updating its ‘Xprotect.plist’ blacklist to require a minimum of an as-yet unreleased 1.7.0_10-b19 version of Java 7. With the current publicly-available version of Java 7 being 1.7.0_10-b18, all systems running Java 7 are failing to pass the check initiated through the anti-malware system built into OS X.”
Update 01-12-2013 11:21am Eastern Time
A fix for the above problem is being worked on by Oracle and will make it available a.s.a.p.
Update 01-12-2013 11:16am Eastern Time
The Mozilla Foundation has quietly updated its blacklist to include the above update. It has also been reported that the FBI has opened an investigation in to the above – more information as we get it.