Apple blocks Java in browser again

Oracle's latest update of the Java runtime for browsers has been marked as unsafe by Apple's anti-malware feature Xprotect, Mac users report.

The block applies to Java versions 1.7 (or 7) 11.22. Apple's blacklisting comes after security researchers noted that the even with the latest update installed, the popular application framework remains vulnerable to silent drive-by attacks that permit the loading of malicious code without user interaction.

Java was blocked by Apple in January this year as reports of zero-day vulnerabilities being exploited on a large scale started to roll in.

Apple users have been the target of Java exploits for some time now, with anti-virus vendor Dr Web uncovering an almost 600,000-strong botnet in April last year.

Previously, the Mozilla Foundation said it would prevent the automatic loading of plug-ins in its Firefox browser when websites requested it, and now leave the decision to do so with users as part of the Click To Play feature.

Mozilla says "this change will help increase Firefox performance and stability, and provide significant security benefits." 

Oracle's Java plug-in, Microsoft Silverlight and older versions of Adobe Flash now have to be manually loaded by users with Click To Play.

Oracle meanwhile has pledged to sort out the frequent security flaws in Java that has led to security experts and government IT infrastructure protection organisations to advise users to either remove the runtime from their browsers, or to uninstall it completely.