CrashPlan Java App Not Affected by Security Vulnerability

CrashPlan Java Vulnerability

Following the recent Java security crisis, many users became concerned about the security and functionality of their Java-based applications. Apple remotely disabled Java for Mac users on Friday to protect them against the critical security flaw, but many key applications depend on Java to operate, including popular backup service CrashPlan.

Thankfully for users of CrashPlan, Code 42, the service’s developers, issued a statement Monday, assuring its customers that they are unaffected by the security flaw and Apple’s preemptive strike to disable the software.

CrashPlan relies on the system-wide version of Java that resides in a Mac’s system folder. The security flaw is found in the browser plug-in version of Java, related to, but separate from, the system-wide version. It was the Java browser plug-in that Apple disabled, and it is also that version which exposes users to security risks.

The short answer is that [the Java security vulnerability] does not affect CrashPlan at all, and CrashPlan users can continue to use Java. The vulnerability only affects the Java browser plug-in, which CrashPlan doesn’t use (or need), and it only affects Java 7, which is not used by CrashPlan.

Oracle, the developers of Java, have since released a patch which supposedly fixes the issue but due the severity of the security flaw, it is still recommended that users who do not rely on the software wait for confirmation of its efficacy.

Further, as mentioned in the CrashPlan statement, the vulnerability reportedly only affects Java 7 (version 1.7), while Macs by default run Java 6 (version 1.6). Apple’s decision to unilaterally disable all versions of the Java browser plug-in in OS X was therefore possibly an overreaction.

But if Zombie movies have taught us anything, it’s that it is best to use napalm first and ask questions later when dealing with a dangerous outbreak of any kind.

Teaser graphic made with help from Shutterstock.