Apple has further distanced itself from Oracle’s Java software framework with a Mac update released on Wednesday that removes a Java plugin from all Mac-compatible Web browsers.
Users who install the update will find a browser placeholder when they encounter Web-based content that requires Java, according to Sophos security researcher Paul Ducklin. "If you want to run Java applets in your browser on Mac OS X, you need to install the official Oracle Java runtime on the system to do that," another blogger on ghacks.net wrote. "Yes, that runs them in parallel with Apple’s version for Java. For users that need both, it means to take care of two versions of Java on the system from that moment on."
Wednesday’s update is the latest example of Apple distancing itself from Java. Apple stopped including pre-installed versions of Java in OS X and instead gives users the option to install the framework. More recently, Apple issued an update that turns off Java in the browser when users haven’t used it recently.
The move follows advice from a variety of sources, Ars included, that users who don’t regularly use Java should uninstall it from their systems. That will decrease the attack surface hackers target when looking for software vulnerabilities that allow them to install keyloggers and other malicious software on the computers they target. Ars recognizes this advice has proved controversial in the past, particularly to developers whose livelihoods depend on the wide availability of the Java platform, so readers are encouraged to think and decide for themselves.
Over the past five years or so, Java has emerged as one of the most widely exploited software packages. This is due to its wide availability on computers running Windows, OS X, and Linux, and to the ease with which hackers can exploit its vulnerabilities. Calls to uninstall Java grew louder in August after word emerged that a critical Java vulnerability was under real-world attack. Within 24 hours of that discovery, attack code exploiting the vulnerability was added to BlackHole, a hack-by-numbers exploitation kit sold in underground forums. It took Oracle almost a week to fix the flaw, and even then, related critical bugs were discovered almost immediately.
via Apple removes Java from all OS X Web browsers | Ars Technica.