Oracle has just given you another reason not to install Java on your Mac

JavaWe all know that, when it comes to security holes, Java is the big “swiss cheese”.

If you run Java on your computer you are increasing your attack surface, as malicious hackers will often exploit vulnerabilities in Oracle’s software to infect your computer.

This isn’t just a problem with Java, of course. But the sad truth is that Java – when enabled in the browser, particularly – has a pitiful track record when it comes to exploitable vulnerabilities.

So it’s no surprise that many people don’t like to run Java on their computers, if they can at all help it.

Sign up to our free newsletter.
Security news, advice, and tips.

Well, now those kind fellows at Oracle have come up with another reason why Mac users may not want to install Java on their Mac.

Because, as Ed Bott of ZDNet reports, Oracle is now bundling adware in the default installation of Java for Mac.

With the latest release of Java for the Mac, Oracle has begun bundling the Ask adware with default installations as well, changing homepages in the process.

The unwelcome Ask extension shows up as part of the installer if a Mac user downloads Java 8 Update 40 for the Mac. In my tests on a Mac running that latest release of OS X, the installer added an app to the current browser, Chrome version 41. (In a separate test, I installed Java using the latest version of Safari, where it behaved in a similar fashion.)

Java for Mac installing Ask Toolbar

I think it’s great that Oracle is showing its contempt for its users in this way. The company’s transparency should be applauded. They’re clearly saying that they don’t care about whether folks might not want ads sneakily inserted into their search results, and their default home page changed. Instead, they’re openly declaring that they care much more about making a few bucks from pushing the Ask adware.

It’s good to know where we all stand.

MacAnd perhaps our only surprise should be that it’s taken so long for Oracle to act dirty with Mac users, as they’ve been pushing unwanted software onto Windows users alongside their Java installs for years.

The adware isn’t as serious a threat as Superfish, the man-in-the-middle adware installed on Lenovo PCs. But my guess is that the vast majority of people would never want it on their computers.

All I wanted was the Ask Toolbar

Of course, you can choose not to install the Ask adware, or remove it if (in your hurry to ensure that you were running the latest patched version of Java) you accidentally overlooked that Oracle was going to plant it on your computer.

And if you want to avoid Oracle pushing third-party apps on you in future when you update Java, you can follow these instructions.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

5 comments on “Oracle has just given you another reason not to install Java on your Mac”

  1. Simon Plummer

    This doesn't appear to be just on Mac – I spotted the dreaded 'Ask toolbar' option during update on Win 7.

    1. Graham CluleyGraham Cluley · in reply to Simon Plummer

      Yes. They've been doing that for a long time on Windows. It's clearly worked so well for them that now they're trying on Mac too.

  2. Tom Hill

    There is the option to turn off sponsor add-ins in the java control panel.

  3. M. Possamai

    I really don't get this…
    Why does a million dollar company need to push an ask toolbar through our throats? For a few extra bucks?

    They never should have bought it from Sun…
    It sucked then, but it sucks even more now. .
    It's not enough that you can't trust Java itself.. They even managed to ruin the setup.

  4. JoB

    Hi there!

    I'm not a massive tech person but I normally more or less understand these kind of things, however I'm having a hard time with the Java update thing…

    It's been almost 2 months my computer has been asking to update Java, I finally did it about a couple of weeks ago. And then it asked me to do it again, and again. I feel like it is a virus. And it I dont do it (which I know stopped) my youtube keeps planting.

    Could someone please enlighten me, as on what it is, and whether I should trust this Java update?



What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.