February 1, 2013
Apple Updates XProtect, Blocks Older Versions Of Java
Michael Harper for redOrbit.com — Your Universe Online
It´s been over a week since a Java exploit has been in the news, so perhaps Oracle´s latest fix has finally calmed the choppy seas.
The software platform has been earning itself plenty of bad press over the past year, opening up millions of computers to exploits. Now, any computer running an out-of-date version of Java is susceptible to an attack by any hacker with enough money to buy a hacker´s toolkit which contains said exploit.
Yesterday morning, Apple updated their barrier against any potentially harmful version of Java. In order to protect OSX from harmful plug-ins and other points of weakness, Apple uses a system called XProtect. This system keeps a log of blacklisted plug-ins and other threats which may cause harm to the machine. The newly updated XProtect now blocks all versions of Java with the exception of the latest version, 184.108.40.206. According to CNET, XProtect had previously blocked all versions up to 220.127.116.11.
XProtect works by making sure each web plug-in is up-to-date and secure. The system also performs daily checks to ensure that it´s blocking any other threats, such as malware or trojan horses. This service was first launched in 2009 with Snow Leopard. Originally users updated the system manually, but as threats against OSX continued to grow, such as the Flashback trojan last year, Apple began automatically updating XProtect on a daily basis.
While XProtect will now block the most dangerous versions of Java, its recent history should be enough to convince any user to simply disable it or uninstall it altogether. These days, it´s unlikely that the common, everyday user will need Java as they surf. For those Mac users who absolutely rely on the Java platform, today´s update is simply an extra measure to protect the system. If you noticed some Java applets or other web elements are no longer working today, this update to XProtect may explain it.
For everyone else, it´s far better to simply live a Java free life. After all, if the Department of Homeland Security issues a warning against a piece of software, it´s probably best to take heed; Especially if the hordes of security experts urging you to do the same weren´t enough to persuade you.
You´ll eventually learn to get through the day without a headache, you´ll experience the satisfaction of clean living, and you´ll wake up feeling refreshed and more relaxed.