Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Blocks Java 7 Plug-in on OS X to Address Widespread Security Threat

docwisdom

docwisdom

macrumors newbie
Feb 8, 2008
25
18
Santa Cruz, CA
Java 6_37 on 10.6

Is Java 1.6.0_37 on 10.6 affected by this malware update from Apple? If java is blocked on our 150+ machines, Im gonna have some very unhappy people trying to get into our Timeclock/Scheduler system.
 
T

tywebb13

macrumors 68030
Apr 21, 2012
2,944
1,632
MacRumors said:
Apple has, however, apparently already moved quickly to address the issue, disabling the Java 7 plug-in on Macs where it is already installed. Apple has achieved this by updating its "Xprotect.plist" blacklist to require a minimum of an as-yet unreleased 1.7.0_10-b19 version of Java 7.

There is no word yet on when an updated version of Java addressing the issue will be made available by Oracle.
Click to expand...

get it now!

new build 1.7.0_11-b21 is out now (a higher one than apple required)

Minimum system requirement is Mac OS X Lion 10.7.3.

you can download from http://java.com/en/download/manual.jsp

restart browsers after installing.

the plugin is not blocked after updating.

Official statement from oracle:

http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html

Reuters article:

http://www.reuters.com/article/2013/01/13/us-java-oracle-security-idUSBRE90C0JB20130113
 
Last edited:
szw-mapple fan

szw-mapple fan

macrumors 68040
Jul 28, 2012
3,481
4,342
mac.fly said:
Is Opera (or Lightning) a browser that does not respect Apple XProtect?

I have no other browsers installed and wouldn't like to install more.

Many thanks!!
Click to expand...


Firefox might work. You will still see it blocked but you have the option to run it on the block screen.

----------
grahamperrin said:
This MacRumors article is potentially misleading. A truer title might have been:

Apple protects Mac users of Safari by blocking Java 7 Update 10 (1.7.0_10-b18)

Browsers such as OmniWeb and Safari respect Apple's blockage.

Browsers such as Firefox do not respect the blockage.

Screenshots – the eighth demonstrates that whilst users of Safari are protected, users of Firefox may remain at risk with the Java 7 Update 10 that is blocked by Apple.

The ninth shot draws attention to the relevant security option in the Java Control Panel for Java 7.

Apple's distribution of Java 6 Update 37 appears to be not blocked by XProtect – shot twenty.

The update to the original article is misleading:



That's wrong - not all those versions are affected. Currently neither Apple's distribution of Java 6 Update 37, nor Oracle's distribution of Java 6 Update 37, is listed under CVE-2013-0422.

Google Chrome, Java and XProtect

Chromium issue 169649: Google Chrome for Mac does not work with Apple XProtect

Chrome for Mac is 32-bit. Java 7 runs only on 64-bit browsers.

If you have no immediate requirement to run a Java applet within Safari

Please await an update from Oracle.

If you do have an immediate requirement

You can either:

  • reuse Java 6 Update 37; or
  • use something greater than Java 7 update 10.

Java for OS X 2012-006: How to re-enable the Apple-provided Java SE 6 applet plug-in and Web Start functionality

Proceed with caution:


Internet plug-in for Java 7 Update 12 (early access, developer preview release)

You may cautiously use the Internet plug-in that is with the pre-release JDK.

Java Platform, Standard Edition 7 Update 12 Developer Preview Releases — Java.net

Aim for the JDK, not the JRE. At the time of writing the download for OS X is:

  • jdk-7u12-ea-bin-b08-macosx-x86_64-03_jan_2013.dmg

Notes

At Oracle's Verify Java Version page, the result may be:



– at this time, ignore those words from Oracle. The developer preview releases of Java should be not recommended in that way.

Proceed with caution:

  • a vulnerability that is within Java 7 Update 10 may be also within a developer preview release
  • pay regular visits to Java Downloads for All Operating Systems to discover what's truly recommended by Oracle.

Further reading

In Ask Different:

Click to expand...

Boy this is long...
 
G

Glenn.955

macrumors member
Apr 29, 2009
74
6
Melbourne Australia
Just got prompted that an update to Java is available
 

Attachments

  • Screen Shot 2013-01-14 at 9.29.56 PM.png
    Screen Shot 2013-01-14 at 9.29.56 PM.png
    53.3 KB · Views: 91
E

everything-i

macrumors 6502a
Jun 20, 2012
827
2
London, UK
krravi said:
As a middleware and server platform Java is great. But when it comes to front end, it sucks like a tornado. Their widgets and the slow response times are horrible. Java was trying to be a "all in one" solution but it never got accepted.

I know the Mars rover interface is Java. But NASA engineers could have chosen the easy way out, you know run it on Linux and throw Java on top of it. Easy out of the box solution. I believe Android is based on such a platform, but I am not sure. No wonder it's so glitchy and jerky.
Click to expand...

There are well written Java UI applications that show what is possible if developers know what they are doing. Java can be good on the desktop it just seldom is because of poorly written applications.
 
MorphingDragon

MorphingDragon

macrumors 603
Mar 27, 2009
5,160
6
The World Inbetween
everything-i said:
There are well written Java UI applications that show what is possible if developers know what they are doing. Java can be good on the desktop it just seldom is because of poorly written applications.
Click to expand...

Java is the worst platform to try make GUIs on. Swing is sent from hell to make a programmer's life miserable. Even good programmers will struggle to make good UIs in Swing.

I would rather code in C++/QT and deal with platform issues than to deal with Swing. I would sooner code in Haskell and deal with monadic side effects than to code in Swing. The only relief from a large Swing project is quitting (or cyanide, either works). The only thing you build on Swing form builders is your own grave. If Swing had a baby it would be Hitler.
 
Last edited:
E

everything-i

macrumors 6502a
Jun 20, 2012
827
2
London, UK
MorphingDragon said:
Java is the worst platform to try make GUIs on. Swing is sent from hell to make a programmer's life miserable. Even good programmers will struggle to make good UIs in Swing, I would rather code in C++/QT and deal with platform issues than to deal with Swing.
Click to expand...

As I said if you know what your doing with it, it is possible to produce a decent UI with Java. I'm not saying its easy but it is possible to do. Coding in C++/QT for multiple platforms is also a bag of hurt, compiling for multiple targets and coding platform differences so there is no 'easy' way to go with this.
 
MorphingDragon

MorphingDragon

macrumors 603
Mar 27, 2009
5,160
6
The World Inbetween
everything-i said:
As I said if you know what your doing with it, it is possible to produce a decent UI with Java. I'm not saying its easy but it is possible to do. Coding in C++/QT for multiple platforms is also a bag of hurt, compiling for multiple targets and coding platform differences so there is no 'easy' way to go with this.
Click to expand...

At least on C++ it's not actually that hard if you're willing to put a little effort into some abstraction code. Very few classes actually care what platform they're on so if you properly encapsulate your code it doesn't turn out to be much of an issue. QT also does a pretty good effort in mimicking the native platform too.
 
bbeagle

bbeagle

macrumors 68040
Oct 19, 2010
3,541
2,981
Buffalo, NY
MorphingDragon said:
At least on C++ it's not actually that hard if you're willing to put a little effort into some abstraction code. Very few classes actually care what platform they're on so if you properly encapsulate your code it doesn't turn out to be much of an issue. QT also does a pretty good effort in mimicking the native platform too.
Click to expand...

I don't think you've actually ever coded anything cross-platform to understand how difficult it really is.

The hard part is not just splitting the code between the business logic and the code - this should be done irregardless - the hard part is the way all the GUI elements are handled in different operating systems. Windows, buttons, sliders, menus, etc. take different inputs, send different events, are different sizes, between all OSes.

Specifying a size of 100x100 for a window, for example, will create a 100x100 window in OS X, but a 106x120 window in Windows 7 (Windows 7 adds room for the outside borders and title bar). And the inside of the window, the viewport, the part you can actually draw in, is 100x100 in Windows 7, but more like 96x92 in OS X. Scroll bars? OS X hides them, and you can draw beneath them, Windows 7, you can't draw beneath them. Some coordinate systems have (0,0) in the upper left, some have it in the lower left. And so on, and so on. You have to become an expert in both OSes.
 
KnightWRX

KnightWRX

macrumors Pentium
Jan 28, 2009
15,046
4
Quebec, Canada
bbeagle said:
I don't think you've actually ever coded anything cross-platform to understand how difficult it really is.

The hard part is not just splitting the code between the business logic and the code - this should be done irregardless - the hard part is the way all the GUI elements are handled in different operating systems. Windows, buttons, sliders, menus, etc. take different inputs, send different events, are different sizes, between all OSes.

Specifying a size of 100x100 for a window, for example, will create a 100x100 window in OS X, but a 106x120 window in Windows 7 (Windows 7 adds room for the outside borders and title bar). And the inside of the window, the viewport, the part you can actually draw in, is 100x100 in Windows 7, but more like 96x92 in OS X. Scroll bars? OS X hides them, and you can draw beneath them, Windows 7, you can't draw beneath them. Some coordinate systems have (0,0) in the upper left, some have it in the lower left. And so on, and so on. You have to become an expert in both OSes.
Click to expand...

If your V and C is seperate from your M in MVC, none of those affect you. You just have to write 3 seperate GUIs that receive input and provide output, and a small View Controller that talks to your model controller. The model controller and the actual model can be reused on any platform.

Sounds like you've never actually wrote portable code and are trying to make up excuses for it.
 
bbeagle

bbeagle

macrumors 68040
Oct 19, 2010
3,541
2,981
Buffalo, NY
KnightWRX said:
If your V and C is seperate from your M in MVC, none of those affect you. You just have to write 3 seperate GUIs that receive input and provide output, and a small View Controller that talks to your model controller. The model controller and the actual model can be reused on any platform.

Sounds like you've never actually wrote portable code and are trying to make up excuses for it.
Click to expand...

Wow. You like to attack and attack, KnightWRX. It looks like all you know is from books you've read, or minor dabbling in programming.

I've been developing in my career for over 25 years. It has nothing at all to do with MVC. The GUI part between Operating Systems is VASTLY DIFFERENT. Even the concepts are different. Like, when you click a button, who gets the event first? The button or the window? What if the button handles the event, does the window still receive the event or not? What dialog boxes are modal, what aren't modal? Where is the File menu, on the top of the screen, or part of the window? Etc. Etc.

That part is what makes Java so ideal for developers. I don't want to learn all the APIs to create GUIs in Unix , Microsoft and Apple. Just learn one API, and my code works in all those operating Systems. Sun/Oracle has spent years fine tuning this, so I don't have to code for lots of different systems.

Business logic is usually 10% of the coding. The GUI is the other 90%. I don't want to multiply my GUI logic.

For something simple, like you'd do in CS101 in college, you can definately use C++ with MVC, but not for something real, without multiplying your coding time by a factor of 2-3.
 
S

sainsburys

macrumors regular
Jun 12, 2012
108
0
Poland
Guys I think that problably answer for my question is somewhere between pages 1 and 10 and I thought I will read all of this but in page 3 someone asking my question and then few of you started discussion why Java is good/bad so searching for my answer is liki looking for needle in the haystack...

I have Java unchecked in Safari but I have installed Java with Android SDK (version 1.6.0_37) so...is my Mac in danger?

Please help!
 
Last edited:
MorphingDragon

MorphingDragon

macrumors 603
Mar 27, 2009
5,160
6
The World Inbetween
bbeagle said:
I don't think you've actually ever coded anything cross-platform to understand how difficult it really is.
Click to expand...

Ya I have mate, desktop applications even. It's hard enough just to get BASH scripts to behave on different OSes but you're overstating the difficulty.

bbeagle said:
The hard part is not just splitting the code between the business logic and the code - this should be done irregardless - the hard part is the way all the GUI elements are handled in different operating systems. Windows, buttons, sliders, menus, etc. take different inputs, send different events, are different sizes, between all OSes.
Click to expand...

Now you're just nitpicking and complaining. That isn't hard, its just time consuming.

bbeagle said:
You have to become an expert in both OSes.
Click to expand...

I would hope if a programmer I was hiring actually knew about the platform I hired him to work for. If they don't they learn.

bbeagle said:
That part is what makes Java so ideal for developers. I don't want to learn all the APIs to create GUIs in Unix , Microsoft and Apple. Just learn one API, and my code works in all those operating Systems. Sun/Oracle has spent years fine tuning this, so I don't have to code for lots of different systems.
Click to expand...

There are lots of GUI toolkits that are uniform across platforms, not just Swing. SWT, QT, wxWidgets, GTK to name some of the more common ones. The barrier to cross platform usually isn't the GUI, not by a long shot.

sainsburys said:
Thanks, I can sleep calm now. Just when I finish Android project I will uninstall this piece of *+%@
Click to expand...

It's only the web plugin.
 
Last edited:
Rodimus Prime

Rodimus Prime

macrumors G4
Oct 9, 2006
10,136
4
MorphingDragon said:
I would hope if I programmer I was hiring actually knew about the platform I hired him to work for. If they don't they learn.
Click to expand...

I would say any developer that can not quickly learn another OS and pick up its design standards in a few weeks is a crappy developer plan and simple. It is not that hard to pick up another OS.

Any software developer worth their salt can get pretty good at another OS in just a short time span and should always be learning.
 
Y

yaddayadda

macrumors newbie
Jan 16, 2013
2
0
Java discussion:

Being a software professional myself and having worked with Java + Flash/HTML4/HTML5 technologies for some 8 years my opinions may obviously be biased. My last dabblings for professional projects using .NET were some 5 years ago, and only recently have I actually been working on projects with PHP and Python codebases. My role is officially as 'the QA guy' but a lot of my time is also split with DevOps/versioning control guru/server ninja/build engineer/automation monkey.

One of the things that I see is a HUGE benefit with Java is that the ecosystem is immensely mature in regards to DELIVERING software. Nothing else I have seen comes close in regards to static analysis (detecting bugs up front), frameworks for testing, dynamic analysis, research projects that may have great findings for your latest project, build tools (maven/gradle etc), continuous integration systems, hosting services. Closest is probably .NET and some of the stuff coming out of Microsoft Research

All of the above (minus hosting/basic building) is quite often an oversight (IMO) for most people - but it makes the difference from going from a manual process to a fully automated process that catches issues upfront / ensures scalability.

My experiments with XCode for building iOS Apps are not that great (but again I do not know the language well enough to dabble into the inner workings of it) - if everything works out of the box it is easy to initiate an xcodebuild - however I have never tried a situation in which it was that easy (due to xcode bugs/unsupported features that is req. for app provisioning etc) - and similarly the ecosystem is just not that great for Objective-C / iOS development. Where is my CheckStyle/FindBugs - closest is probably via OCLint and maybe a TeamCity/AppCode install, but without it getting me to where I would expect to be in Java environment.

JavaScript seems similarly immature - I have build jobs running via Node.js and AMD - and it just requires way way more work to get the stuff up and running that enables fewer bugs to be released / way faster delivery (unless you are into 'live-hacking').
 
R

resting

macrumors member
Aug 15, 2011
57
2
~ Sun Jan 20 03:52:58>/Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java -version
java version "1.7.0_11"
Java(TM) SE Runtime Environment (build 1.7.0_11-b21)
Java HotSpot(TM) 64-Bit Server VM (build 23.6-b04, mixed mode)
Click to expand...

On Java 1.7.11 and using Firefox.
But still doesn't work.
The chart applet simply fails loading.

It didn't work when I removed 1.7.10 and reverted to Java 6 too.
It prompted me to install JRE which directed me to download 1.7.11.

Any more ideas to get it working?

How does Apple block our systems anyway?

Update: After refreshing the page a few times. Its finally loading!
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom