
Update OS X to ensure Java security

Apple's latest updates include fixes to prevent Java applet execution that may occur even with the plug-in disabled.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

With the latest round of OS X updates, Apple has addressed a number of bugs in its Mac operating systems. One update in particular is pertinent for those who wish to maintain security with their Java installations.

Java has received some hard knocks recently, with a number of security vulnerabilities that could potentially lead to malware execution on exploited systems. While uninstalling Java has been the preferred recommendation, a common recommendation for those who do need it is to just disable the Java Web plug-in. However, recent developments suggest that doing this may not always render a system safe from Java-based threats on the Internet.

[Image: Safari safe files list]
Disabling the Safe Downloads list should protect you from this vulnerability, but updating, so that the system no longer has the option to automatically open JNLP files, is a preferred additional step to take. (Screenshot by Topher Kessler/CNET)

In the latest update to OS X, Apple includes a fix for security vulnerability CVE-2013-0967, an issue in OS X's handling of the CoreTypes library through which a Java Web Start applet could be launched automatically even if the Java plug-in is disabled. The problem was that even though the Web plug-in itself may be blocked and nonfunctional, the system still recognized Java applets as acceptable "safe" files to launch automatically when downloaded.

Even though this should only affect those who have kept the "Open safe files after downloading" feature in Safari enabled, Apple chose to address the issue by removing JNLP (Java Network Launching Protocol) file types from the system's "CoreTypes" safe files list. Now no Java applet will be launched automatically, and users will have to launch it manually from the OS X Downloads folder.
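The two conditions described above (JNLP on the safe files list, and Safari set to open safe files) can be checked together. The following audit sketch is an added example, not code from the article or from Apple; the key names `LSRiskCategorySafe`, `LSRiskCategoryExtensions`, `LSRiskCategoryContentTypes` and `AutoOpenSafeDownloads`, the UTI `com.sun.java-web-start`, and the sample property lists are assumptions constructed for illustration.

```python
import plistlib

# Assumed names, not taken from the article: LaunchServices risk-category keys,
# Safari's AutoOpenSafeDownloads preference, and the Java Web Start UTI.
SAFE_CATEGORY = "LSRiskCategorySafe"
JNLP_EXTENSIONS = {"jnlp"}
JNLP_CONTENT_TYPES = {"com.sun.java-web-start"}


def jnlp_marked_safe(assessment: dict) -> bool:
    """True if the safe category lists JNLP by extension or content type."""
    safe = assessment.get(SAFE_CATEGORY) or {}
    exts = {str(e).lower().lstrip(".") for e in safe.get("LSRiskCategoryExtensions", [])}
    types = {str(t).lower() for t in safe.get("LSRiskCategoryContentTypes", [])}
    return bool(exts & JNLP_EXTENSIONS or types & JNLP_CONTENT_TYPES)


def auto_open_enabled(safari_prefs: dict) -> bool:
    """A missing key is treated as enabled (conservative assumption)."""
    return bool(safari_prefs.get("AutoOpenSafeDownloads", True))


def audit(assessment_plist: bytes, safari_plist: bytes) -> str:
    """Classify a host from the raw bytes of the two property lists."""
    assessment = plistlib.loads(assessment_plist)
    safari = plistlib.loads(safari_plist)
    if not jnlp_marked_safe(assessment):
        return "ok: JNLP is not a safe type"
    if auto_open_enabled(safari):
        return "exposed: JNLP is safe-listed and Safari auto-opens safe files"
    return "mitigated: JNLP is safe-listed but auto-open is off"


# Constructed sample data standing in for files read from a Mac.
PRE_UPDATE = plistlib.dumps({SAFE_CATEGORY: {
    "LSRiskCategoryExtensions": ["pdf", "JNLP"],
    "LSRiskCategoryContentTypes": ["public.image"]}})
POST_UPDATE = plistlib.dumps({SAFE_CATEGORY: {
    "LSRiskCategoryExtensions": ["pdf"],
    "LSRiskCategoryContentTypes": ["public.image"]}})
AUTO_OPEN_ON = plistlib.dumps({"AutoOpenSafeDownloads": True})
AUTO_OPEN_OFF = plistlib.dumps({"AutoOpenSafeDownloads": False})

if __name__ == "__main__":
    for name, a, s in [("pre-update, default Safari", PRE_UPDATE, AUTO_OPEN_ON),
                       ("pre-update, auto-open off", PRE_UPDATE, AUTO_OPEN_OFF),
                       ("post-update", POST_UPDATE, AUTO_OPEN_ON)]:
        print(f"{name}: {audit(a, s)}")
```

The "mitigated" result corresponds to turning off "Open safe files after downloading", and the "ok" result to a system where JNLP has been removed from the safe files list.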

This issue applies to all versions of OS X 10.7 and later, so if you are concerned about Java security and have not yet updated your system, then you might consider doing so sooner rather than later. Beyond this, a number of other vulnerabilities in the system have been addressed in the latest updates, including those for handling PDFs and images, as well as QuickTime movies, so it is a good idea to keep updated regardless of whether or not you use Java.

The latest OS X updates can be installed by choosing Software Update from the Apple menu, or by downloading and applying them manually from the Apple Support Downloads page.
