Apple ticks off Mac users with silent shutdown of Java 7

Company sets XProtect to treat Java as malware, leaving Java-dependent users scrambling for guidance

If you're a Mac user who suddenly can't access websites or run applications that rely on Java, you're not alone. For the second time in a month, Apple has silently blocked the latest version of Java 7 from running on OS X 10.6 Snow Leopard or higher via its XProtect antimalware tool.

Apple hasn't issued any official statements advising users of the change or its reasons, but it's a safe bet that the company has deemed Oracle's most recent update to Java insecure. That's why the company stealthily disabled Java on Macs back on Jan. 10, the same day a Java vulnerability was being exploited in the wild.

The update to XProtect will continue to block Java on Macs until Oracle releases Update 12, whenever that occurs. In the meantime, one fix proposed by a couple of Mac forums users is to delete the XProtect source file that lists the blacklisted Java, then turning off automatic updates to the safe downloads list. Another user provided command-line instructions on how to get Java 6u37 running again. (InfoWorld does not endorse any of these methods. Proceed at your own risk.)

Mac users in the Apple forums expressed confusion and irritation over Apple's decision to abruptly kill Java without warning, explanation, or guidance on how to reenable it.

"This is a nightmare for enterprise Java users," wrote a forum user with the handle DJVA. "Oracle EBusiness uses Java as a Web application. For Apple to do this, and not even give a heads-up to their customers who utilize Macs for enterprise, is horrendous customer service. A dialogue box that at least tells their users WHY Java has suddenly, in the middle of the day, quit working would be more helpful than the nonsense that happened today."

"Apple should not be turning off functionality for its users that have installed software because of a proof-of-concept vulnerability with no exploit code available and no patch," wrote user ronc_laemigre.

"There are government-run aviation-related websites people use to gather critical information and that still use Java.... I can find that data elsewhere, but it takes more work, longer, and makes the user have to piece together data that is intuitively obvious," complained a user with the screen name Gadget.

Other users defended Apple's move, however. "I'd say that if you require Java, it's probably time for you to start finding ways to get things done without it, if possible," wrote user Thomas A. Reed. "For example, many people have complained because they can't access their bank sites without Java. I'd say, time to get a new bank that doesn't use insecure technology to access your account! Would you trust your money to a bank that used an old-fashioned skeleton key to lock up the vault?"

While Apple is suffering its share of complaints for it heavy-handed Java remediation, Oracle has faced far more criticism for neglecting the Java customers it inherited after acquiring Sun. In a blog post last Friday, Oracle security lead Milton Smith assured customers that Oracle was working on making Java secure.

This story, "Apple ticks off Mac users with silent shutdown of Java 7," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies