Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Once Again Blocks Java 7 Web Plug-in
- Thread starter MacRumors
- Start date
- Sort by reaction score
The problem is if you do need java - say for work purposes - and it suddenly stops working.
Most people would assume it's an internal issue, not their mac that's broken.
Most people would assume it's an internal issue, not their mac that's broken.
I had to download Java's Developer build to get Java working. This is not cool I need Java (both plugin and RunTime) for work
URL: http://jdk7.java.net/download.html
URL: http://jdk7.java.net/download.html
To fix this, for those who need Java
Go into system preferences - Security &Privacy
Under general tab, click advance button, tick off the automatically update safe download list
This essentially will prevent apple from updating your system settings, you switch off e virus protection of Mac OS so put it back on once java is fixed.
Locate the core.types.bundle under system - library - core services
Right mouse lick, then choose show package contents in the pop up menu,
Go to contents - resources - xprotect.meta.plist
Right mouse click, adjust authorizations for everyone to read write. Copy the file to your desktop.
Open it in text edit, set the java version back tom1.7.11.21
Save, copy file back into the bundle and restart your machine
Apple is an ******* company for managing security like this. They knocked out my corporate VPN connection for hours so I couldn't work.
A virus is not much worse. The do not have a clue what their business customers are doing.
Go into system preferences - Security &Privacy
Under general tab, click advance button, tick off the automatically update safe download list
This essentially will prevent apple from updating your system settings, you switch off e virus protection of Mac OS so put it back on once java is fixed.
Locate the core.types.bundle under system - library - core services
Right mouse lick, then choose show package contents in the pop up menu,
Go to contents - resources - xprotect.meta.plist
Right mouse click, adjust authorizations for everyone to read write. Copy the file to your desktop.
Open it in text edit, set the java version back tom1.7.11.21
Save, copy file back into the bundle and restart your machine
Apple is an ******* company for managing security like this. They knocked out my corporate VPN connection for hours so I couldn't work.
A virus is not much worse. The do not have a clue what their business customers are doing.
I use PC's more than Macs and I have not been affected by this issue. My point still stands that it is unprofessional of Apple to act in this way.
In business environments...
... you (your admin) should really know how to enable it again, after Apple has blocked it! Otherwise you really don't need it...
Given the fact that Mac computers are probably used by a majority of home users what Apple does is good practise here. All other people - including Power Users(tm) - know anyway how to circumvent Apple's settings.
That may be true however when Apple does this without warning any admins all these remote "home users" are stuck.
Its very unprofessional no warning just *BAM*
But ask how many people (including me) searched for an hour if not longer finding the cause(s) for this issue.
There is no clear communication from either Apple or in the UI (error message/pop-up).
I kept searching in Java Preferences and Console trying to find out why my apps don't work properly
Totally Frustrating
I am sysadmin for a San and the Fibre Channel switch requires Java in a browser to setup and monitor. It can take hours to work around Apple's security. Why not just pop up a dialog box and allow the user to decide on a case by case basis if they want to block Java?
Thanks to those who posted work arounds.
It's moments like this that I understand the Apple haters.
Sam
I am sysadmin for a San and the Fibre Channel switch requires Java in a browser to setup and monitor. It can take hours to work around Apple's security. Why not just pop up a dialog box and allow the user to decide on a case by case basis if they want to block Java?
Thanks to those who posted work arounds.
It's moments like this that I understand the Apple haters.
Sam
Apple seems to be clueless when it comes to their business customers.
This is really ridiculous. This causes as much damage for some as a potential virus attack.
Not every business user has an admin on hand, some are working in small companies or in virtual situations.
This is really a serious issue for some. Switch to windows or you should know how to are not reasonable replies.
This is really ridiculous. This causes as much damage for some as a potential virus attack.
Not every business user has an admin on hand, some are working in small companies or in virtual situations.
This is really a serious issue for some. Switch to windows or you should know how to are not reasonable replies.
You can keep saying this, but to just leave the vulnerability there would be just as unprofessional. It's not argument to leave people at risk, just for the sake of those who can't use certain things properly anymore. Apple claims safety first, troubleshoot later.
You're a JAVA developer, yet you don't understand that JRE (runtime) isn't effected by this and it's only the browser plugin that's blocked. All of your JAVA application programming is solely used in browsers?
icloud uses Java too
This is too funny
I went to www.icloud.com to make some changes to my account - which for some reason, the icloud site uses JavaScript!
Of course Safari blocks access to it. The screenshot was from Safari.
(I think MacRumors uses Java to submit reply's too.....)
This is too funny
I went to www.icloud.com to make some changes to my account - which for some reason, the icloud site uses JavaScript!
Of course Safari blocks access to it. The screenshot was from Safari.
(I think MacRumors uses Java to submit reply's too.....)
Attachments
Selective Security Restriction
Can't wait for Apple to Blow Away it's own JavaScript libraries when those security flaws come out. No Wait, they NEVER DO.
----------
Selective Security.
Apply IGNORES JavaScript Security issues, it depends on Java script.
Can't wait for Apple to Blow Away it's own JavaScript libraries when those security flaws come out. No Wait, they NEVER DO.
----------
Selective Security.
Apply IGNORES JavaScript Security issues, it depends on Java script.
I am thinking about enabling Java for Safari and only for Safari, then making sure, users only use Safari for the few trusted websites that require Java. If it is not on the list, use Firefox.
Edit to say, Some people above are confusing Java with JavaScript. They are unrelated, other than they both run on computers and can be connected to a web browser... and the confusing name.
Edit to say, Some people above are confusing Java with JavaScript. They are unrelated, other than they both run on computers and can be connected to a web browser... and the confusing name.
Agreed. Interestingly the only viable alternative I have is to run Windows! In 2013.
JavaScript does not equal Java. They have similar names, but they are not even kinda like each other....
Last edited:
You're clearly not a developer, there's a difference between a Java Based - plugin and JavaScript, they are 2 different languages, thus not the same thing.
JavaScript is too basic to block out in it's entirety as too much of the web works on JavaScript. A Java plugin on the other hand is alot less common and isn't required as much as Javascript nor is it as easily exploitable by another end-user. As the JRE(runtime) can give external users complete remote control, where with Javascript this is technically possible but alot harder to achieve.
Besides security is security, leaving any of them is irresponsible and leaving it there is not an excuse nor is it in anyway professional.
OK, OK, I'm sorry, I'm sorry.
I don't work with business/finance/banking software. I didn't realize that apparently a lot of it relies on Java applets that run in your browser.
I still think that's a dumb and vulnerable approach, but I understand that it's frustrating that you can't get work done as a result.
So, business environments aside, there is no real reason for your average Joe to need Java applets when browsing the web on a day-to-day basis, and for security reasons, they should leave it off.
I don't work with business/finance/banking software. I didn't realize that apparently a lot of it relies on Java applets that run in your browser.
I still think that's a dumb and vulnerable approach, but I understand that it's frustrating that you can't get work done as a result.
So, business environments aside, there is no real reason for your average Joe to need Java applets when browsing the web on a day-to-day basis, and for security reasons, they should leave it off.
So Apple is actively trying to stop your computer from being exploited by hackers and you think that is unacceptable?
What would you say if they did nothing and your machine got hacked?
It would be nice to know WHY stuff stops working.
Does anyone know how to see what is added regularly from Apple? I don't really feel like monitoring the blacklist file. I suppose the people who write the malware do though :-(
I use a Java based 'meeting' program from work and I don't know if it is the program or Java or the network...
Anyone know if Flash is in blacklist file?
As far as I know, the only two browser plugins that are being "protected" by Xprotect are Flash and Java. I agree, it would be nice if there was at least some sort of warning.
Maybe they were giving Oracle a chance to fix the second problem? A grace period, but Oracle has failed to deliver, so the block went into place.
----------
Ignorant post.
- Apple is constantly updating its WebKit and JavaScriptCore "libraries", on a daily basis through the WebKit project (http://www.webkit.org)
- Java (not the same as JavaScript) is not "script".
I am still using 10.6 on my personal laptop, and several of the laptops I deploy in our school district still are at 10.6. Both Java and the browser plugin are working fine. Did the standalone Java app you are using get updated? Perhaps it requires a newer version?
Have you been reading the other posts? Part of our frustration is that Apple has not communicated what they did. Protecting computers is OK, but they need to tell us what they did and give those of us rely on it (yes, some of us who work for banks, etc have to have it) a way to continue to use it if despite the risk. My company is not going to hack me. I shouldn't have to go to a rumor site to find out why my remote access doesn't work.