*UPDATE, Feb. 20, 1:18 p.m.: This article originally linked to an outdated Apple support page. The correct link to the support page where you can download the latest security update is here: http://support.apple.com/kb/DL1572?viewlocale=en_US&locale=en_US
Original post: Mac users, and I am one, tend to be a little blasé when it comes to computer security. That’s becoming less and less justified. If you’ve ignored my increasingly dire entreaties to disable the Java plug-in on your Web browsers because you use a Mac and figured you were safe, perhaps this will get your attention: On Tuesday, Apple disclosed that its own employees’ computers were infected with Java-related malware when they visited a compromised website. (The site, an iPhone development hub, is likely the same one that speared Facebook and Twitter in recent weeks, AllThingsD’s Mike Isaac reports. It’s called iPhoneDevSDK, and you should not visit it for any reason. At all.)
Those who have already disabled Java on their browsers can rest easy, as usual. Those who haven’t, and who use Macs, can now rid themselves of the world’s worst plug-in by taking one simple step. Just visit this Apple support page* and download the update, which, once installed, will automatically disable Java in all of your browsers at once. (You’ll need to close all of your browsers before installing.)
Alternatively, you can find the update in the “Updates” tab on your App Store if you’re using OS X 10.7 or later (Lion or Mountain Lion). If you have OS X 10.6, there’s a good chance you’ve already downloaded a similar update that Apple made available earlier this month, but you can still check the “Updates” tab on your App Store to make sure.
As I’ve written several times before, disabling Java applets should affect few, if any, websites that you visit regularly. And, all together now: Javascript is not the same as Java. You don’t need to disable Javascript, and if you do, you’ll quickly find that half the Web is no longer functioning properly in your browser. If you think you disabled Java and then you find that basic sites like Facebook are no longer working, you probably disabled Javascript instead.
For more background on how to disable the Java plug-in, including instructions for PC users, feel free to peruse previous installments of what’s becoming quite the regular feature here on Future Tense:
Aug. 29, 2012: Why You Should Probably Disable Java on Your Browser Right Now
Aug. 30, 2012: Oracle Fixes Java After Months of Silence, But You Might As Well Keep It Turned Off
Jan. 14, 2013: No, Seriously, Just Disable Java in Your Browser Right Now
