As noted by ZDNet, a major security vulnerability in Java 7 has been discovered, with the vulnerability currently being exploited in the wild by malicious parties. In response to threat, the U.S. Department of Homeland Security has recommended that users disable the Java 7 browser plug-in entirely until a patch is made available by Oracle.

Hackers have discovered a weakness in Java 7 security that could allow the installation of malicious software and malware on machines that could increase the chance of identity theft, or the unauthorized participation in a botnet that could bring down networks or be used to carry out denial-of-service attacks against Web sites.

"We are currently unaware of a practical solution to this problem," said the DHS' Computer Emergency Readiness Team (CERT) in a post on its Web site on Thursday evening. "This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available."

Apple has, however, apparently already moved quickly to address the issue, disabling the Java 7 plug-in on Macs where it is already installed. Apple has achieved this by updating its "Xprotect.plist" blacklist to require a minimum of an as-yet unreleased 1.7.0_10-b19 version of Java 7. With the current publicly-available version of Java 7 being 1.7.0_10-b18, all systems running Java 7 are failing to pass the check initiated through the anti-malware system built into OS X.


Apple's updated plug-in blacklist requiring an unreleased version of Java 7
Apple historically provided its own support for Java on OS X, but in October 2010 began pushing support for Java back to Oracle, with Steve Jobs noting that the previous arrangement resulted in Apple's Java always being a version behind that available to other platforms through Oracle. Consequently, Jobs acknowledged that having Apple responsible for Java "may not be the best way to do it."

It wasn't until last August that the transition was essentially complete, with Oracle officially launching Java 7 for OS X. Java 7 does not ship by default on Mac systems, meaning that many users are not affected this latest issue or other recent ones, but those users who have manually installed Java 7 may be experiencing issues with their systems.

There is no word yet on when an updated version of Java addressing the issue will be made available by Oracle.

Update: As detailed in the National Vulnerability Database, the issue affects not only the Java 7 plug-in, but all versions from 4 through 7.

As noted by ZDNet, a major security vulnerability in Java 7 has been discovered, with the vulnerability currently being exploited in the wild by malicious parties. In response to threat, the U.S. Department of Homeland Security has recommended that users disable Java 7 entirely until a patch is made available by Oracle.

Hackers have discovered a weakness in Java 7 security that could allow the installation of malicious software and malware on machines that could increase the chance of identity theft, or the unauthorized participation in a botnet that could bring down networks or be used to carry out denial-of-service attacks against Web sites.

"We are currently unaware of a practical solution to this problem," said the DHS' Computer Emergency Readiness Team (CERT) in a post on its Web site on Thursday evening. "This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available."

Apple has, however, apparently already moved quickly to address the issue, disabling Java 7 on Macs where it is already installed. Apple has achieved this by updating its "Xprotect.plist" blacklist to require a minimum of an as-yet unreleased 1.7.0_10-b19 version of Java 7. With the current publicly-available version of Java 7 being 1.7.0_10-b18, all systems running Java 7 are failing to pass the check initiated through the anti-malware system built into OS X.


Apple's updated plugin blacklist requiring an unreleased version of Java 7
Apple historically provided its own support for Java on OS X, but in October 2010 began pushing support for Java back to Oracle, with Steve Jobs noting that the previous arrangement resulted in Apple's Java always being a version behind that available to other platforms through Oracle. Consequently, Jobs acknowledged that having Apple responsible for Java "may not be the best way to do it."

It wasn't until last August that the transition was essentially complete, with Oracle officially launching Java 7 for OS X. Java 7 does not ship by default on Mac systems, meaning that many users are not affected this latest issue or other recent ones, but those users who have manually installed Java 7 may be experiencing issues with their systems.

There is no word yet on when an updated version of Java addressing the issue will be made available by Oracle.

Later this year, Other World Computing plans to release a 3.5" SSD drive meant for tower-style PCs like the Mac Pro. The drive, called the "Mercury Viper", will allow OWC to build an SSD with capacities as large as 2TB, as well as transfer rates over 600MB/s over a SATA 3 connection.


Currently, OWC makes 2.5" SSD's that can be installed in a laptop or desktop via a bracket, but the extra space in a 3.5" drive allow for four times the capacity as their current drives -- at a significant cost. A OWC spokesperson told Ars Technica that the drive was designed "performance and capacity, not price".

That's in stark contrast to where the rest of the market is headed, typically driving costs down and making the most of 2.5" and mSATA form factors used in notebooks and Ultrabooks. But workstation may care less about budget and more about getting work done. "We think the price will be right for the kind of user that spends $6,000 on a computer," Dahlke said. "And you can't get this kind of capacity anywhere else."

Pricing and availability details are expected in March.

(Image courtesy Ars Technica/Chris Foresman)

Former Apple employee Don Melton has been sharing a unique look behind the scenes of the Safari development team. Melton was the team leader on both the Safari and WebKit products that are now used by millions of users on iOS, the Mac, and Windows.

Previously, Melton explained how the Safari name came about, and the tale of Safari's User Agent string and the strategies his team used to keep the project under wraps.

Today, he shared details of the launch of Safari some ten years ago at the Macworld Expo in 2003. One of the more revealing sections of the piece looks behind the scenes at Steve Jobs' rehearsals for his presentation and some of the things that could have gone wrong.

Of course, thanks to Jobs' impeccable preparation, the Safari presentation -- and everything else that was revealed that day -- went off without a hitch.

Until I watched that video I found and posted of the Macworld keynote, I had completely forgotten what else was announced that day. Which is pretty sad considering I saw Steve rehearse the whole thing at least four times.

But you have to realize I was totally focused on Safari. And Scott Forstall, my boss, wanted me at those rehearsals in case something went wrong with it.

There’s nothing that can fill your underwear faster than seeing your product fail during a Steve Jobs demo.

One of my concerns at the time was network reliability. So, I brought Ken Kocienda, the first Safari engineer, with me to troubleshoot since he wrote so much of our networking code. If necessary, Ken could also diagnose and duct tape any other part of Safari too. He coined one of our team aphorisms, “If it doesn’t fit, you’re not shoving hard enough.”

[…]

Most of the time during those rehearsals, Ken and I had nothing to do except sit in the then empty audience and watch The Master Presenter at work — crafting his keynote. What a privilege to be a spectator during that process. At Apple, we were actually all students, not just spectators. When I see other companies clumsily announce products these days, I realize again how much the rest of the world lost now that Steve is gone.

The full article is worth a read for anyone who wants a peek behind the Apple curtain.

Topeka Capital Markets analyst Brian White today released a new report highlighting some of his observations from this week's CES in Las Vegas, noting that "checks" at the show suggest that Apple is looking to launch the next-generation versions of the iPad and iPad mini in March.

Our checks at CES indicate Apple will release the iPad 5 and the second-generation iPad mini this March. The iPad 5 is expected to be lighter and thinner than the iPad 4 that was released in October, while the form factor of the iPad mini should be similar to the first generation iPad mini that debuted in October.

White's comments are in line with a previous report from Japanese blog Macotakara which claimed that the a thinner and lighter fifth-generation iPad will be launching in March. RBC analyst Doug Freedman had also claimed that Apple was accelerating its plans for the second-generation iPad mini.


Apple has historically stuck to roughly year-long update cycles for its iOS devices, but the company surprised many observers by launching the fourth-generation iPad in October, just seven months after the debut of the third-generation model. It is unclear whether that shorter interval is the start of a trend for Apple, as it may simply have been a one-time event due to Apple's move to the new Lightning connector.

There have, however, been growing rumors of shorter update cycles being part of a new strategy for Apple as it seeks to remain competitive in the fast-moving mobile device market and smooth out its sales somewhat throughout the year.

As noted by The Next Web, Apple has added support for new movie and TV streaming service Watchever to the Apple TV in Germany.

Essentially a German version of Hulu launched by Vivendi this month, it offers local, European and international movies and TV series for €8.99 a month. Key features include the ability to choose between a German dubbed version of international movies, or the original. There is also a personal recommendation algorithm à la Netflix.

Watchever added to Apple TV home screen in Germany (Source: @chrizkro)
Watchever had announced at its launch that it would be coming to the Apple TV, and Apple today updated its support document on third-party content providers to include Watchever.

Yesterday, a report from the Shanghai Evening News including comments made by Apple marketing chief Phil Schiller about Apple's refusal to build "cheap" devices was widely re-reported throughout both the Apple-focused rumor scene and in mainstream media.

Schiller's comments were viewed by some as a direct rebuttal to recent rumors from The Wall Street Journal and Bloomberg that Apple is working on a less expensive iPhone for launch as soon as later this year, although he actually appeared to simply be noting that any product Apple releases would not sacrifice quality in order to grab market share at lower price points.

Reuters has now issued a brief statement retracting its re-reporting of the Shanghai Evening News piece, citing "substantial changes" to the source article. Reuters will not be publishing an amended version of its story.

It is unclear exactly what changes Reuters is referring to, as the online version [Google translation] of the Shanghai Evening News piece appears to be essentially the same as when it was first covered by English-language media.

Still, the retraction by Reuters casts significant uncertainty on the original report and raises questions about whether Schiller's comments were mistranslated or misinterpreted.

Update 12:30 PM: Reuters has now published an explanation for its retraction, citing the changes made to the original Shanghai Evening News article.

[I]n a new version of the story published after the original, the Shanghai Evening News removed all references to cheaper smartphones, except for a mention of a "cheaper, low-end product." It also amended its original headline from "Apple will not push a cheaper smartphone for the sake of market share," to "Apple wants to provide the best products, will not blindly pursue market share."

Apple confirmed the interview had taken place and that it had contacted the Chinese newspaper about amending its original article, but had no further comment and declined to provide a transcript of the interview.

Yesterday, a report from the Shanghai Evening News including comments made by Apple marketing chief Phil Schiller about Apple's refusal to build "cheap" devices was widely re-reported throughout both the Apple-focused rumor scene and in mainstream media.

Schiller's comments were viewed by some as a direct rebuttal to recent rumors from The Wall Street Journal and Bloomberg that Apple is working on a less expensive iPhone for launch as soon as later this year, although he actually appeared to simply be noting that any product Apple releases would not sacrifice quality in order to grab market share at lower price points.

Reuters has now issued a brief statement retracting its re-reporting of the Shanghai Evening News piece, citing "substantial changes" to the source article. Reuters will not be publishing an amended version of its story.

It is unclear exactly what changes Reuters is referring to, as the online version [Google translation] of the Shanghai Evening News piece appears to be essentially the same as when it was first covered by English-language media.

Still, the retraction by Reuters casts significant uncertainty on the original report and raises questions about whether Schiller's comments were mistranslated or misinterpreted.

Xerox today announced that Chief Financial Officer Luca Maestri is leaving the company to take the position of Corporate Controller at Apple. The move will be effective February 28.

"Luca is a stellar finance executive whose contributions have brought great value to the transformation of Xerox into a services enterprise,” said Ursula Burns, Xerox chairman and chief executive officer. "He's helped strengthen our financial foundation, which will serve his successor, our company and our shareholders well for the long term."

At Apple, Maestri will succeed Betsy Rafael, who retired last October. Rafael had served as Corporate Controller and Principal Accounting Officer, and the role of Principal Accounting Officer shifted to Chief Financial Officer Peter Oppenheimer upon her retirement.

In a new interview with AllThingsD, Beats Electronics CEO Jimmy Iovine reveals that he is preparing a subscription music service. Although he isn't revealing details yet, he does say that he started pitching the service to Steve Jobs in 2003.

In 2002, 2003, Doug [Morris, former Universal Music head] asked me to go up to Apple and see Steve. So I met him and we hit it off right away. We were really close. We did some great marketing stuff together: 50 Cent, Bono, Jagger, stuff for the iPod — we did a lot of stuff together.

But I was always trying to push Steve into subscription. And he wasn’t keen on it right away. [Beats co-founder] Luke Wood and I spent about three years trying to talk him into it. He was there, not there … he didn’t want to pay the record companies enough. He felt that they would come down, eventually.

I don’t know what [Apple media head] Eddy Cue would say — I’m seeing him soon — but I think in the end Steve was feeling it, but the economics...he wanted to pay the labels [for subscriptions], but [the fees were] not going to be acceptable to them.

Recently, music streaming services like rdio, Pandora and Spotify have become increasingly popular and Apple is rumored to be working on a Pandora-like "iRadio" streaming service. Iovine mentions that his streaming service would be heavy on curation, like Pandora, rather than simply giving users access to millions of songs like Spotify. Apple's rumored streaming service is said to take the same approach, which makes sense if Jobs did like Iovine's pitch.

Beats and Apple do have a fairly close relationship already, as Apple retail stores tend to use Beats by Dre headphones to demo iPods and other devices.