Over the past couple of days there have been news stories about a vulnerability in Java which is apparently being exploited in an effort to steal identities. The situation is not entirely clear to me and details change rapidly, but currently the Department of Homeland Security recommends that people disable the Java web browser plug-in for each of their web browsers.
According to this article from ZDNet, Apple has already sent out an automatic update which effectively disables the Java web browser plug-in for Macs running OS X Lion (10.7) and OS X Mountain Lion (10.8). That said, it can’t hurt to follow the instructions below to double-check your Mac’s configuration.
Important Note – Please don’t confuse Java and JavaScript. These are two entirely different technologies despite the very similar names. This current security vulnerability only affects Java, not JavaScript. More specifically, this vulnerability targets Java web browser plug-ins. In other words, you do not need to fully remove or disable Java or Java-based applications, like OpenOffice or CrashPlan. Reportedly, Java applications have a very low chance of being exploited by this bug.
This OS X Daily article from August 2012 provides instructions on how to disable the Java plug-in in Safari, Chrome and Firefox. Please follow these instructions to ensure that Java is disabled in your web browser.