Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Oracle Releases Java 7 Update 13 to Address Security Issues, Reenable Web Plug-in on OS X
- Thread starter MacRumors
- Start date
- Sort by reaction score
This Java vulnerability affected all systems with Java installed so that includes Windows, Linux, and etc.
Also, no payloads targeting OS X have been included for exploits of this vulnerability in the wild but payloads for Windows and Linux are circulating in the wild.
This lack of payloads is most likely due to Apple being able to quickly blacklist vulnerable version of plugins.
So, at least Apple is doing something to effectively mitigate this vulnerability from being exploited in the wild.
I doubt that will happen. The Preference Pane appears to be a constant across all versions of Java, being no more than a "stub" that launches a Java application that contains the actual preferences--the same Java preferences that you'd find on any other platform. They'd have to re-write it using (most likely Objective C and) Cocoa, which I suspect they are not likely to want to do given that it goes against the cross-platform advantage of Java itself. Or Apple could let Java app(let)s be embedded in the System Preferences app.
This does not work.
You need to navigate to http://www.java.com/en/download/testjava.jsp
here you can test if you have it.
Unless you absolutely need Java installed, do yourself a big favor and uninstall it. Trust me, you will sleep better at night.
Or just disable it in the browser. It's of use to me for programs like Minecraft and Crashplan. I'm not worried about it when it's out of the browser.
Whatever. Is there a 32-bit version available for my MacBook, or will I be stuck with Java 5? I guess this is a rhetorical question.
Which OS?Whatever. Is there a 32-bit version available for my MacBook, or will I be stuck with Java 5? I guess this is a rhetorical question.
Yes thanks for that but I am fully aware that Apple doesnt maintain Java.
I'm looking for the info on their site from Apple about why they blocked it. Guidance for this going forward. Maybe some kind of press release. I work in IT and this kind of secretive update is not acceptable. Businesses need some communication from Apple. A solitary pop up which doesnt explain anything apart from I have to update (when there isnt even an update available) is just not enough.
Im sorry but that is not Oracle's responsibility, they didnt block it. Their responsibility is on fixing and releasing updates for Java, and communicating about them, not having to explain Apple's dirty work.
I'm not sticking up for java here BOTH Apple and Java at fault.
Pain in the arse!
I use an important WebApp, run by Medtronic, enabling me to upload data from an Insulin Pump, which helps me to manage my type 1 Diabetes;
The Medtronic CareLink used a Java Applet to drive a wireless device to communicate between the Insulin Pump and the CareLink system..
Every-time Apple blocks, it shuts me out of my medical care, every-time Java update we have to wait for medical testing certification....
It has been an uphill struggle for a number of years to get medical companies to support Mac,
This situation is hardly going to help, is it?
I use an important WebApp, run by Medtronic, enabling me to upload data from an Insulin Pump, which helps me to manage my type 1 Diabetes;
The Medtronic CareLink used a Java Applet to drive a wireless device to communicate between the Insulin Pump and the CareLink system..
Every-time Apple blocks, it shuts me out of my medical care, every-time Java update we have to wait for medical testing certification....
It has been an uphill struggle for a number of years to get medical companies to support Mac,
This situation is hardly going to help, is it?
I genuinely feel sorry for you.
I do think that the one which provides this service aren't really smart, now are they.
It already happened a few times, and to rely on an non secure java plugin for healthcare is stupid in my opinion, not your fault, it's the service provider of yours.
About the bolded part, Apple blocks it which sux, but you also say that you have to wait for medical testing certification, now this is sooooo stupid of Medtronic, why they even have this is beyond my understanding.
Similar to Banks, Most/All of Norwegian banks were not accessible if you have a Mac and the former Java plugin (WTF).
We as consumers don't need java, business Yes.
It's not Java or Mac OS X
Writing 100% secure & bug free software is impossible (beyond simple "hello world" applications). There are major holes in every OS and app. Finding these is not trivial. Oracle should have fixed these bugs earlier, but they are fixed now. Hopefully they learned a lesson and will continue to keep up with newly discovered bugs. But I can guarantee you there are still exploits to be had in Java, and in OS X too.
The only truly secure computer is one that doesn't turn on.
Writing 100% secure & bug free software is impossible (beyond simple "hello world" applications). There are major holes in every OS and app. Finding these is not trivial. Oracle should have fixed these bugs earlier, but they are fixed now. Hopefully they learned a lesson and will continue to keep up with newly discovered bugs. But I can guarantee you there are still exploits to be had in Java, and in OS X too.
The only truly secure computer is one that doesn't turn on.
I agree and disagree with your assessment.
Yes, I agree that there are always flaws to be found. Most of it depends on the security of the Operating System, and what functions it allows developers to call, and what side effects any of those might have if developers either intentionally or unintentionally send incorrect parameters.
But for every APP to have major holes is just plain false. Every app, for example, a game, might have no holes because it only allows interaction with a user through a joystick, keyboard arrow keys, or such simple interaction. There is no way to pass bad inputs to the game. Something different like a spreadsheet program might be able to save things to a hard drive which might be compromised if there is bad code, or especially if there is a scripting language which allows arbitrary code to be run in the spreadsheet program.
Java is insecure because it is a gatekeeper for developers to write whatever they want to. Java could be very secure if it was dumbed down, like not allowing any programs to write to a hard drive or send out a web request. But then, it wouldn't be a programming language anymore.
Far from it.
Far from it. I didn't say impenetrable.
By the way, I've been at Mac admin for almost 20 years, since System 7 and AppleShare IP, at printing companies, newspaper/magazine publisher, state university and as a consultant. I've been an Apple Certified Support Professional since 10.6 up to and including 10.8. I'm also an Apple Certified Macintosh Technician.
I will say I just noticed Apple's link redirects the old Java for Mac OS X 10.6 Update 11, not Java for Mac OS X 10.6 Update 12. This is a live link to the download so if you click it it'll immediately begin downloading the .dmg. As an alternative you can go to http://support.apple.com/downloads/ where currently Java for Mac OS X 10.6 Update 12 is the first available download. Don't click the link to the support article because it'll take you to the old version. Click the download button to receive the correct version.
Far from it. I didn't say impenetrable.
By the way, I've been at Mac admin for almost 20 years, since System 7 and AppleShare IP, at printing companies, newspaper/magazine publisher, state university and as a consultant. I've been an Apple Certified Support Professional since 10.6 up to and including 10.8. I'm also an Apple Certified Macintosh Technician.
I will say I just noticed Apple's link redirects the old Java for Mac OS X 10.6 Update 11, not Java for Mac OS X 10.6 Update 12. This is a live link to the download so if you click it it'll immediately begin downloading the .dmg. As an alternative you can go to http://support.apple.com/downloads/ where currently Java for Mac OS X 10.6 Update 12 is the first available download. Don't click the link to the support article because it'll take you to the old version. Click the download button to receive the correct version.
Last edited: