Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Jan 15, 2013, 12:01 AM   #51
munkery
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
Quote:
Originally Posted by Solomani View Post
Ahh... I do not see any Java icon/panel in System Preferences. Stock OSX Mountain Lion 10.8.2 pre-installed in my iMac December 2012. I suppose this means I do not see the Java control panel because I never manually installed a full version from Oracle to begin with?
Yes, you have to manually install Java to see the preference pane.

Quote:
P.S. -- and I'm sure that as far as the Safari Java plug-in, Apple will likely just update that in the next incremental OSX Update (Mountain Lion 10.8.3?)
No, Apple is no longer supplying Java in OS X updates.
munkery is offline   1 Reply With Quote
Old Jan 15, 2013, 01:42 AM   #52
MacSince'85
macrumors member
 
Join Date: Oct 2012
Is Java 6 at risk?

For those of us stuck on Leopard due to hardware limitations, are we at risk running Java 6?
MacSince'85 is offline   0 Reply With Quote
Old Jan 15, 2013, 05:40 AM   #53
Shrink
macrumors Demi-God
 
Shrink's Avatar
 
Join Date: Feb 2011
Location: New England, USA
Quote:
Originally Posted by Solomani View Post
Can we expect Apple to automatically provide the Updated Java to us via the Software Update control panel (sometime soon)? Or do ALL Mac users have to download it manually?

I'm a bit confused on Apple's Modus Operandi when it comes to Java now. As I understand it, they leave the updating/fixing to Oracle. So does that mean Apple is no longer allowed to distribute the updates themselves? And where do we go to Update, on Apple servers or at Oracle download servers?
I'm embarrassed to say that I recently figured out that I never even downloaded Java. So it's not an issue, and I obviously don't need it.
__________________
Two things are infinite, the universe and human stupidity; and I'm not sure about the universe. -- Albert Einstein
Shrink is online now   0 Reply With Quote
Old Jan 15, 2013, 09:41 AM   #54
designer22
macrumors member
 
Join Date: Jan 2008
Location: Minneapolis MN
snow leopard and java update?

Downloaded Java 7 Update 11 DMG, but it says I need OSX Lion to use the installer....any help please? Thanks.
designer22 is offline   0 Reply With Quote
Old Jan 15, 2013, 10:05 AM   #55
carlgo
macrumors 68000
 
Join Date: Dec 2006
The millions of average computer users should not have to be subjected to this nerdy mess. Far from the "It just works" mantra. Apple may not supply Java anymore, but they let it in the door and so they need to deal with it in an understandable and automatic way.
carlgo is offline   0 Reply With Quote
Old Jan 15, 2013, 11:47 AM   #56
frozencarbonite
macrumors 6502
 
Join Date: Aug 2006
Quote:
Originally Posted by MacSince'85 View Post
For those of us stuck on Leopard due to hardware limitations, are we at risk running Java 6?
This is my question as well. I'm running Snow Leopard. Are we just out of luck?

According to Java's website:
"For Java versions 6 and below, Apple supplies their own version of Java. Use the Software Update feature (available on the Apple menu) to check that you have the most up-to-date version of Apple's Java for your Mac."

I ran Software Update, but no updates are available for Java 6.
frozencarbonite is offline   0 Reply With Quote
Old Jan 15, 2013, 02:14 PM   #57
iapplelove
Banned
 
Join Date: Nov 2011
Location: East Coast USA
Quote:
Originally Posted by AlabamaSlammer View Post
Any advice on what i need to do?
The same thing happened to me and I decided to download and it completely deleted my java preference folder
iapplelove is offline   0 Reply With Quote
Old Jan 15, 2013, 08:14 PM   #58
munkery
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
Quote:
Originally Posted by MacSince'85 View Post
For those of us stuck on Leopard due to hardware limitations, are we at risk running Java 6?
If there is a risk, it can be mitigated by disabling Java in the browser.

Only enable Java in the browser during the period of time when you visit sites that require Java that you know are safe.
munkery is offline   0 Reply With Quote
Old Jan 16, 2013, 12:59 AM   #59
syzygy123
macrumors newbie
 
Join Date: Jan 2013
Talk about back door

Does this mean that apple can at any time disable my browser plugins without my explicit consent? Is anybody else bothered by this?
syzygy123 is offline   0 Reply With Quote
Old Jan 16, 2013, 01:49 AM   #60
haruhiko
macrumors 68030
 
haruhiko's Avatar
 
Join Date: Sep 2009
Quote:
Originally Posted by syzygy123 View Post
Does this mean that apple can at any time disable my browser plugins without my explicit consent? Is anybody else bothered by this?
It means that somebody can at any time access your computer's data, log your keys, steal your passwords etc etc without your explicit consent if your buggy vulnerable java version was not disabled.
__________________
Mac: rMBP'12, iMac'08/24", Mini'09, MBP'10/15", MBA'11/13". iPhone: 5s/64S 5/64B, 4S/64W, 4/32B, 3GS/16. iPT: 3G,1G. iPad: Air,Mini2,4,3/LTE/64 2/3G/32, 1/WiFi/16. ATV'12,'11, AEBS'09, TC'13/2TB
haruhiko is offline   0 Reply With Quote
Old Jan 16, 2013, 06:29 AM   #61
Philscbx
macrumors regular
 
Join Date: Jan 2007
Location: Mpls Mn
Quote:
Originally Posted by carlgo View Post
The millions of average computer users should not have to be subjected to this nerdy mess.

Far from the "It just works" mantra.

Apple may not supply Java anymore, but they let it in the door and so they need to deal with it in an understandable and automatic way.
I'm Not touching a damn thing till I get a response back from the Site.
You go there - 5000 links -
and not one damn thing steers you to - this is what you have - this is what you need BS.

We Paid for Apple to do the work - for Fk Sakes.
And Now Oracle can't simple Fkg steer. Gee's - like being run by pact of 5 yr old exec's stuck in sandbox.
__________________
MP3.1,8GB,4TB, MBPro13 5.5, iPad1 64G, iPhone 3gs, iTouch, PB15 1.6, ATv, Rxv3900.
Philscbx is offline   0 Reply With Quote
Old Jan 16, 2013, 12:24 PM   #62
syzygy123
macrumors newbie
 
Join Date: Jan 2013
Quote:
Originally Posted by haruhiko View Post
It means that somebody can at any time access your computer's data, log your keys, steal your passwords etc etc without your explicit consent if your buggy vulnerable java version was not disabled.
Hold on, this is a separate issue. This has nothing to do with my question. It seems to me that somebody at Apple is making decisions for me. I should have been asked! I am perfectly capable of grasping the security implications of running Java on in my browser, and I might be willing to "risk" those issues (which are extremely unlikely to happen to me, and the gains might *for me* outweigh the risks). That I something *I* get to decide. In fact, I had a client a few years ago who has asked me to maintain a Java applet for him. Does this mean that I would suddenly lose the ability to do business (testing), just beacause some egghead at Apple decided that the reputation of the OSX platform as a "safe" OS (which is an illusion, there were cases of security breaches on OSX *NOT* involving Java) is more important than my choice as a consumer?

It's things like this that really make me wonder if I have chosen my computer correctly. I can only dream that Linux develops sufficiently to be put on decent laptops and sold in stores...

Last edited by syzygy123; Jan 16, 2013 at 12:25 PM. Reason: Forum censors cra ppy.
syzygy123 is offline   0 Reply With Quote
Old Jan 16, 2013, 06:59 PM   #63
Cubytus
macrumors 65816
 
Join Date: Mar 2007
Quote:
Originally Posted by Stella View Post
No one is forcing you to use Java, just simply uninstall it and you'll not miss it.

In the mean time, I and others will quite happily using Java for desktop applications.

Please inform us of these 'better' alternatives for multiple O/S development, for desktop applications?

BTW - Java is the most used language for mobile development...
No ONE is forcing us to use Java, except when we install software that *require* Java for some functionalities, and that these software simply don't have an alternative as many properly-coded Flash-based sites have.

...And now I understand why battery life has dramatically fell when smartphones began to spread.
__________________
Ubuntu and Mac OS X user means sacrilege both to Mac and GNU/Linux communities.
Stop ranting, give feedback: http://www.apple.com/feedback
Online, my trilingual blog
Cubytus is offline   0 Reply With Quote
Old Jan 16, 2013, 08:17 PM   #64
munkery
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
Quote:
Originally Posted by syzygy123 View Post
Hold on, this is a separate issue. This has nothing to do with my question. It seems to me that somebody at Apple is making decisions for me. I should have been asked! I am perfectly capable of grasping the security implications of running Java on in my browser, and I might be willing to "risk" those issues (which are extremely unlikely to happen to me, and the gains might *for me* outweigh the risks). That I something *I* get to decide. In fact, I had a client a few years ago who has asked me to maintain a Java applet for him. Does this mean that I would suddenly lose the ability to do business (testing), just beacause some egghead at Apple decided that the reputation of the OSX platform as a "safe" OS (which is an illusion, there were cases of security breaches on OSX *NOT* involving Java) is more important than my choice as a consumer?

It's things like this that really make me wonder if I have chosen my computer correctly. I can only dream that Linux develops sufficiently to be put on decent laptops and sold in stores...
Java is no more secure on Linux and the exploit in the wild for this Java vulnerability has Linux payloads but it does't have OS X payloads.

Apple's capacity to set minimum versions for plugins via XProtect is most likely the reason that malware developers didn't bother making OS X payloads for this vulnerability.

Java is dangerous because of its inherent purpose it isn't protected by the runtime security mitigations of the host OS but only the Java sandbox which doesn't function via the host OS sandbox and the Java sandbox recently has been circumvented fairly easily.

Mac OS X and Linux pretty much have the same runtime security mitigations at the moment.

Across all versions of each OS, Mac OS X has fewer local privilege escalation vulnerabilities than Linux namely due to the fact that Mac OS X has better access controls on interprocess communication.

No methods have been demonstrated that allow remotely bypassing the runtime security mitigations in Mac OS X since the introduction of Lion. For example, Safari running on Lion was not compromised at the last Pwn2own.
munkery is offline   0 Reply With Quote
Old Jan 16, 2013, 09:05 PM   #65
MacMan988
macrumors 6502a
 
Join Date: Jul 2012
I updated Java from system preferences. But am I supposed to get an update from Apple through AppStore ? I see nothing in the App Store's update tab.
MacMan988 is offline   0 Reply With Quote
Old Jan 16, 2013, 09:22 PM   #66
munkery
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
Quote:
Originally Posted by MacMan988 View Post
I updated Java from system preferences. But am I supposed to get an update from Apple through AppStore ? I see nothing in the App Store's update tab.
No update from Apple is required.

XProtect has a minimum version setting for Java.

Install a version of Java newer than the minimum version and Java will continue to function.
munkery is offline   0 Reply With Quote
Old Jan 16, 2013, 10:12 PM   #67
twigman08
macrumors 6502
 
Join Date: Apr 2012
Quote:
Originally Posted by Cubytus View Post
No ONE is forcing us to use Java, except when we install software that *require* Java for some functionalities, and that these software simply don't have an alternative as many properly-coded Flash-based sites have.

...And now I understand why battery life has dramatically fell when smartphones began to spread.
I don't get what you're talking about and where the Flash-based sites come from. This makes me think you're talking about JavaScript. If so then JavaScript has almost nothing in common with Java at all besides it just has Java in it's name. It has nothing to do with Java actually.

I say this because you brought up "flash-based" sites. Java technically allows you to do things that their is no possible way Flash could do.
twigman08 is offline   0 Reply With Quote
Old Jan 17, 2013, 09:31 AM   #68
MacMan988
macrumors 6502a
 
Join Date: Jul 2012
Quote:
Originally Posted by munkery View Post
No update from Apple is required.

XProtect has a minimum version setting for Java.

Install a version of Java newer than the minimum version and Java will continue to function.
Thanks for the reply. But again sorry for this dumb question I'm about to ask. What is XProtect? How do I know that I have it and running?
MacMan988 is offline   0 Reply With Quote
Old Jan 17, 2013, 02:54 PM   #69
Weaselboy
macrumors G5
 
Weaselboy's Avatar
 
Join Date: Jan 2005
Quote:
Originally Posted by MacMan988 View Post
Thanks for the reply. But again sorry for this dumb question I'm about to ask. What is XProtect? How do I know that I have it and running?
It is a plist settings file that contains a list of sites/apps that Apple has blocked due to malware.

Go to this screen under System Preferences/Security & Privacy/General/Advanced and make sure you have "Automatically update safe downloads list" checked.

Thumb resize.
Weaselboy is offline   0 Reply With Quote
Old Jan 17, 2013, 06:40 PM   #70
Cubytus
macrumors 65816
 
Join Date: Mar 2007
Quote:
Originally Posted by twigman08 View Post
I don't get what you're talking about and where the Flash-based sites come from. This makes me think you're talking about JavaScript. If so then JavaScript has almost nothing in common with Java at all besides it just has Java in it's name. It has nothing to do with Java actually.

I say this because you brought up "flash-based" sites. Java technically allows you to do things that their is no possible way Flash could do.
I am actually talking about Java, not Javascript. As some websites can't function properly with JS disabled (and Java, at times), some software don't work properly or at all with Java disabled.

Among those I use daily: Junos VPN client, LibreOffice, SPSS.
__________________
Ubuntu and Mac OS X user means sacrilege both to Mac and GNU/Linux communities.
Stop ranting, give feedback: http://www.apple.com/feedback
Online, my trilingual blog
Cubytus is offline   0 Reply With Quote
Old Jan 17, 2013, 09:48 PM   #71
MacMan988
macrumors 6502a
 
Join Date: Jul 2012
Quote:
Originally Posted by Weaselboy View Post
It is a plist settings file that contains a list of sites/apps that Apple has blocked due to malware.

Go to this screen under System Preferences/Security & Privacy/General/Advanced and make sure you have "Automatically update safe downloads list" checked.

Thumb resize.
Thanks. That is checked.
MacMan988 is offline   1 Reply With Quote
Old Jan 18, 2013, 12:42 AM   #72
syzygy123
macrumors newbie
 
Join Date: Jan 2013
Quote:
Originally Posted by munkery View Post
Java is no more secure on Linux and the exploit in the wild for this Java vulnerability has Linux payloads but it does't have OS X payloads.

Apple's capacity to set minimum versions for plugins via XProtect is most likely the reason that malware developers didn't bother making OS X payloads for this vulnerability.

Java is dangerous because of its inherent purpose it isn't protected by the runtime security mitigations of the host OS but only the Java sandbox which doesn't function via the host OS sandbox and the Java sandbox recently has been circumvented fairly easily.

Mac OS X and Linux pretty much have the same runtime security mitigations at the moment.

Across all versions of each OS, Mac OS X has fewer local privilege escalation vulnerabilities than Linux namely due to the fact that Mac OS X has better access controls on interprocess communication.

No methods have been demonstrated that allow remotely bypassing the runtime security mitigations in Mac OS X since the introduction of Lion. For example, Safari running on Lion was not compromised at the last Pwn2own.
Again, my gripes aren't about security, but about control. Although I do think that overall, despite vulnerabilities that all software is bound to have, OS X is pretty secure.
syzygy123 is offline   0 Reply With Quote
Old Jan 19, 2013, 11:00 AM   #73
munkery
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
Java still not safe. Even Java 7u11 has known vulnerabilities.

But, the default of requiring the end user to click "OK" to run unsigned and self signed applets causes exploiting these types of vulnerabilities to now involve some social engineering.

http://arstechnica.com/security/2013...atest-version/

Last edited by munkery; Jan 19, 2013 at 11:10 AM.
munkery is offline   1 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Apple Releases New Java 6 Updates With Enhanced Security, Uninstalls Apple-Provided Java Applet Plug-in MacRumors Mac Blog Discussion 49 Oct 22, 2013 09:58 AM
Oracle Releases Java 7 Update 13 to Address Security Issues, Reenable Web Plug-in on OS X MacRumors MacRumors.com News Discussion 134 Feb 17, 2013 12:40 PM
Oracle Releases Patch to Address Security Vulnerability in Java 7 MacRumors MacRumors.com News Discussion 63 Sep 5, 2012 01:02 PM
Newly-Discovered Java 7 Security Vulnerability Poses Risks to Macs MacRumors MacRumors.com News Discussion 149 Aug 30, 2012 03:16 PM
Apple Updates Java for Lion and Snow Leopard in Sync with Oracle MacRumors MacRumors.com News Discussion 34 Jun 14, 2012 11:38 PM

Forum Jump

All times are GMT -5. The time now is 09:52 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC