Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Once Again Blocks Java 7 Web Plug-in

derek

derek

macrumors member
Aug 3, 2001
71
98
Syracuse, NY
Java ≠ JavaScript ≠ Java ≠ JavaScript... X ∞

sectime said:
You know Java exploit and Javascript in Safari are two different things? Javascript is not blocked by Apple. At least on the ten machines at my workplace.
Click to expand...

Java and JavaScript have NO relation to each other. The term 'JavaScript' was a poor marketing decision by Netscape and Sun Microsystems for gawd knows what reason. That's what marketing people do, apparently.

The actual, modern day name for what used to be JavaScript has been ECMAScript for many years. The term 'JavaScript' is now merely a quaint term of nostalgia. Keep that in mind when you see it.

My brief history of ECMAScript:
1) Netscape creates a 'safe' web scripting language they called 'Mocha'.
2) They change its name to 'LiveScript'.
3) Marketing dweebs at both Netscape and Sun get together and agree that Netscape can change the name to 'JavaScript'. You figure out why. No one else has.
4) Adobe and Microsoft want in on the action and toss more scripting code onto the Internet called 'ActiveScript' and 'JScript'. It wreaked havoc on the Internet.
5) The ECMA (European Computer Manufacturers Association) attempt to bring sanity to the situation and combine all three into a standard specification called 'ECMA-262' or 'ISO/IEC 16262'. But that's annoying technobabble, so it's simply called 'ECMAScript'.

And again, there never has been ANY relationship between Java and JavaScript. None. Zero. Nothing. They only share the letters J A V A. The end.

Wikipedia.org is your pal. Look up ECMAScript and read all about it.
 
Last edited:
ulyssesric

ulyssesric

macrumors 6502
Oct 7, 2006
250
204
Conspiracy ?

Not only Apple, Mozilla had also blocked Java by default in their latest FireFox release. Though you can still re-enable Java in FireFox manually, every time.

Is there anything really, really nasty happened in the past few days and the public don't know yet ?
 
Oletros

Oletros

macrumors 603
Jul 27, 2009
6,002
60
Premià de Mar
Tech198 said:
Could't Apple do its own Java.... period ? That way only they will control it, and most importantly, it will always be more secure. It can't be any less secure than what we currently have.
Click to expand...

Apple was making their own Java until more less two years ago.
And no, it was not more secure than Oracle's one, it lagged behind
 
Weaselboy

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,137
15,601
California
MacMan988 said:
How do they block and unblock ? Do they send any updates through App Store? I did not get any kind of updates from Apple.
Click to expand...

Apple is doing it in the background by updating a xprotect.plist file that can block certain sites/processes. It does not come through the App Store and you get no notice that this has occurred, leading to some of the problems we see in this thread. Over the last couple days there have been several new forum posts from users who all of a sudden can't access their bank's web site for example because of the update.

It would be nice if Apple notified users of a change like this.
 
P

PaulKemp

macrumors 6502a
Jun 2, 2009
568
124
Norway
haruhiko said:
It seems to me that relying on a third party platform like Java for crucial systems like online banking is not a very great idea. The user interface should be transparent to the user and doesn't require any plug-ins. Most online banking / transaction system here in Hong Kong completely ditched the requirement of Java browser plug-in recently.
Click to expand...

That may be, but it doesnt really help me as a end user. I cant choose this or that. This is a federation of all the banks in Norway. They will probably in the future move away form jave, but that has not happened yet. So this is stupid of Apple, they are going over the threshold.
 
R

rbgros1

macrumors newbie
Jan 13, 2008
3
0
Java not blocked in Safari 5.1 with Java 1.7 update 11

I downloaded Safari 5.1 from http://mac.oldapps.com/safari.php. (The page says 5.1.1, but I got 5.1.7.) It runs Java applets, even with Java 1.7 update 11 installed. Doesn't solve any security issues, but at least you can run your trusted applets. I'm running MacOS 10.7.5.
 
T

twigman08

macrumors 6502
Apr 13, 2012
478
1
topmike said:
This is too funny


I went to www.icloud.com to make some changes to my account - which for some reason, the icloud site uses JavaScript!

Of course Safari blocks access to it. The screenshot was from Safari.

(I think MacRumors uses Java to submit reply's too.....)
Click to expand...

Even though this has been already said Java and JavaScript have absolutely o relation to each other at all except they both for some unknown reason have "Java" in their name. From what I know their is absolutely NOTHING shared between them.

While their are still "uses" of Java (though as a programmer I would argue that just about any web app that uses Java I and others could make using some other web language) where you really don't want/need to block use too, Java on the web needs to disappear.

I've been tempted to offer to write some newer software for some companies or schools that still use Java where it is not needed.

Schools gradebook system? While not "easy" to program fully, I could write a web app that'd I'd argue would be even more secure than the one they currently use and could probably even get more features packed into and still make it just as usable as what they currently use.

I can't remember the last time I turned on Java. Tell you the truth, I can't even remember the last time I had any web app actually tell me it needs Java to run. Though yes I do understand other people have different needs and can see how this is a big inconvenience.
 
SmileyBlast!

SmileyBlast!

macrumors 6502a
Mar 1, 2011
654
43
DaveTheRave said:
Oh...so you think Apple contacted my company's IT department to tell them they were going to disable Java?
Click to expand...

You'd think that a Bank IT department would have a support contract with their hardware vendor and a sales rep or support rep they could call for quick answers.

Plus its their job to be looking for these kinds of bulletins and sending a resultant message to the office staff when outages occur.

----------
jonatron said:
I think you're missing the point and being very naive. I have no problem with Apple securing system at all. Its great they are proactively making updates. However to force this on people with no explanation is plain unnacceptable. I spent a long time trying to work out what was wrong with no error or guidance from Apple.

A lot of people use business systems that rely on Java. Software companies cannot simply turn around compatible updates at the drop of a hat. We are going to have to use a brand new version of java that is unsupported for using our finance system.

The choice here is that if Apple continues to do this then we will be moving away from the mac platform from for a number of our users as we cannot afford to have obstacles such as this in our way.

I'm not asking them to do nothing just behave in a controlled and mature way.

At the very least all they had to do was say we're going to disable this in X days and I would have been able to come up with a workaround. Instead I have had an entire department lose a days work.

Whats even more frustrating is Im going to have to disable the safe downloads completely for all of our users which means they are going to miss out on future updates to this list. Ultimately making us less secure. Great.
Click to expand...

Yes I agree. That would have been a more measured response.
I find it hard to believe they didn't announce this to their customers somehow.
 
M

mpolda

macrumors member
Mar 12, 2010
66
35
Sadly, not true.

RMo said:
Do you really do most of the work on your computer with Java plug-in applets? My understanding is that, like last time, regular desktop applications (JARs, including those launched as part of a packaged APP bundle) will work fine.
Click to expand...

Oh, I wish that were true. As a teacher my standalone gradebook won't open, nor will other browsers work.
 
Blu-ray1972

Blu-ray1972

macrumors member
Feb 1, 2013
91
251
Tiger8 said:
Oracle bought all those companies and products that they have absolutely no clue how to support or further develop.

I do work in two used-to-be-great enterprise software packages, both went downhill since the original company was bought by Oracle.
Click to expand...

I am in the same boat. I'm also quite displeased in their lack of Mac support for some of their programs for supporting DBs.
 
C

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,390
19,458
rafiki said:
http://java.com/en/download/

Only for 10.7.3 or higher...not sure about 10.6.x
Click to expand...
Yup, looks like Oracle put out Java 7 Update 13 with some additional fixes just earlier today, so this should resolve this issue.

That aside, when Apple does it, all it affects is the ability of Java plug-in to run in Safari, that is it. Java applications running outside the browser are unaffected, nor is Java plug-ins in any other browser. So, it really shouldn't be that big of an issue for vast majority of people--at worst simply use another browser like Firefox (which is vastly more popular than Safari anyway).

And, to repeat, JavaScript has absolutely nothing to do with Java, aside from simply having "Java" as part of its name.
 
S

sectime

macrumors 6502a
Jul 29, 2007
530
0
derek said:
Java and JavaScript have NO relation to each other. The term 'JavaScript' was a poor marketing decision by Netscape and Sun Microsystems for gawd knows what reason. That's what marketing people do, apparently.

The actual, modern day name for what used to be JavaScript has been ECMAScript for many years. The term 'JavaScript' is now merely a quaint term of nostalgia. Keep that in mind when you see it.

My brief history of ECMAScript:
1) Netscape creates a 'safe' web scripting language they called 'Mocha'.
2) They change its name to 'LiveScript'.
3) Marketing dweebs at both Netscape and Sun get together and agree that Netscape can change the name to 'JavaScript'. You figure out why. No one else has.
4) Adobe and Microsoft want in on the action and toss more scripting code onto the Internet called 'ActiveScript' and 'JScript'. It wreaked havoc on the Internet.
5) The ECMA (European Computer Manufacturers Association) attempt to bring sanity to the situation and combine all three into a standard specification called 'ECMA-262' or 'ISO/IEC 16262'. But that's annoying technobabble, so it's simply called 'ECMAScript'.

And again, there never has been ANY relationship between Java and JavaScript. None. Zero. Nothing. They only share the letters J A V A. The end.

Wikipedia.org is your pal. Look up ECMAScript and read all about it.
Click to expand...
I'm thinking you didn't even read my post, but it appears you enjoyed writing your response:)
 
RMo

RMo

macrumors 65816
Aug 7, 2007
1,254
281
Iowa, USA
mpolda said:
Oh, I wish that were true. As a teacher my standalone gradebook won't open, nor will other browsers work.
Click to expand...

It's been updated now, but Firefox still worked for me when this happened the time before this. You just have to click to enable the plugin.
 
sonynair

sonynair

macrumors newbie
Jun 15, 2012
11
2
London, UK
RayK said:
Have you found a way to disable XProtect (Automatically update safe downloads list) through command line means? I cannot seem to find what plist this is modifying. This has been driving me nuts for weeks.
Click to expand...

Disable XProtectupdater via command line...

Code: 
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.xprotectupdater.plist


Re-enable XProtectupdater via command line...

Code: 
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.xprotectupdater.plist
Regards
 
Last edited:
MagnusVonMagnum

MagnusVonMagnum

macrumors 603
Jun 18, 2007
5,193
1,442
Tech198 said:
I agree, it is ridiculous that Apple is cleaning up someone else's continuous mess, in this case (Oracle's)

Could't Apple do its own Java.... period ? That way only they will control it, and most importantly, it will always be more secure. It can't be any less secure than what we currently have.
Click to expand...

Uh, Java is a standard and so they can't just start some tangent, but they could maintain their own version and fix security flaws. The thing is they DID do their own version prior to Java7. They did NOT want to maintain it any longer and that's why they handed it off to Oracle to maintain themselves.

In general, Windows has had a gazillion exploits in it over the years. If Microsoft came along and disabled all Windows computers every time one was found, the whole world would come to a halt. Apple needs simple bypass controls with a warning rather than just stopping all the Macs on the planet. As someone pointed out earlier, that can potentially do more damage than any Malware out there since it affects EVERYONE whether they're careful or not (and not in a positive fashion if you NEED to run the Java plugin).

Like I said earlier, though. My Mac Mini with OSX 10.8.2 continued to operate Java after this supposed second block was put into place, so I can't verify ANY accuracy of this article (and yes my security was still set to download updates). It just asks me if I want to run it or not. That's what it SHOULD do.

Meanwhile, I just checked it again and it did block it in a way...rather it told me there's an update available I need to download first.
 
T

Tech198

Cancelled
Mar 21, 2011
15,915
2,151
MagnusVonMagnum said:
Uh, Java is a standard and so they can't just start some tangent, but they could maintain their own version and fix security flaws. The thing is they DID do their own version prior to Java7. They did NOT want to maintain it any longer and that's why they handed it off to Oracle to maintain themselves.
Click to expand...

Ya, i know this. But obviously something is needed here... ... Apple may not want to do this, but they may have had better chances in the long run. Handing it off to some other company to take care off, your falling under their terms based on when they want to fix it..

From a security perspective, fixing it quicker makes sense.
 
M

MvdM

Suspended
Apr 27, 2005
380
695
HOW do they block Java? I see no security update or something else I can download.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom