On 10 January 2013, the United States Computer Emergency Readiness Team (US-CERT) issued a warning advising users to disable Java because a serious exploit found allows hackers to take control of users’ computers (Macs, PCs, Linux).
While waiting for Oracle to release a Java update fix, Apple had quietly disabled Java on Macs by blacklisting it. On the other hand, Mozilla promotes Firefox’s Click To Play feature which does not auto load Java plugin until you clicks to enable it.
Oracle released Java SE7 Update 11
On January 13, 2013, Oracle finally released Java SE7 Update 11 which contains important security fixes. Oracle strongly recommends that all Java SE7 users update to the release. Download Java SE7 update 11.
Manually disable Java in your browser
You may still want to manually disable Java in your browser for any Java plugin exploit in the future. Here’s the instructions published by Gizmodo.
- Chrome — type “chrome://plugins” in your address bar and find “Java” in the list, click on the blue “Disable” link. Restart Chrome.
- Safari — Goto Safari’s “Preferences” (⌘,). Click “Security” on the top row and uncheck “Enable Java”. Restart Safari.
- Internet Explorer — Goto “Tools” menu and select “Manage Add-ons”. Go to the left of the window that pops up and in the drop-down box below the heading “Show:” select “All Add-ons.” Scroll down the list on the right of the window until you find a subheading under the category “Group” that reads “Oracle America, Inc.” Select each item and disable it with the “Disable” button in the bottom right-hand corner of the window. Restart Internet Explorer.
- Firefox — Goto “Tools” menu and select “Add-ons”. Select “Plug-ins” on the left-hand side of the new tab that shows up. Scroll the list on the right-hand side of the screen until you find an item that reads “Java (TM) Platform [blablabla].” Click the ”Disable” button on the right. Restart Firefox.