Oracle Releases Java 7 Update 13 to Address Security Issues, Reenable Web Plug-in on OS X

[MacMan988]

It seems no matter how secure and defensive your mac is, java will be always there to open a backdoor in it.

[dilbert99]

Quote:

Originally Posted by fahlman

http://support.apple.com/kb/DL1573

My Mac is not insecure.

.

a bit naive?

[munkery]

Quote:

Originally Posted by Puevlo

It's scary just how unsecure Macs really are.

This Java vulnerability affected all systems with Java installed so that includes Windows, Linux, and etc.

Also, no payloads targeting OS X have been included for exploits of this vulnerability in the wild but payloads for Windows and Linux are circulating in the wild.

This lack of payloads is most likely due to Apple being able to quickly blacklist vulnerable version of plugins.

So, at least Apple is doing something to effectively mitigate this vulnerability from being exploited in the wild.

[RMo]

Quote:

Originally Posted by fahlman

When will we get a proper Preference Pane? It's little things like this that tells me they are doing as little as possible to support Java on Mac OS X.

I doubt that will happen. The Preference Pane appears to be a constant across all versions of Java, being no more than a "stub" that launches a Java application that contains the actual preferences--the same Java preferences that you'd find on any other platform. They'd have to re-write it using (most likely Objective C and) Cocoa, which I suspect they are not likely to want to do given that it goes against the cross-platform advantage of Java itself. Or Apple could let Java app(let)s be embedded in the System Preferences app.

[justperry]

Quote:

Originally Posted by dilbert99

a bit naive?

Mac Virus/Malware FAQ - Mac Guides

[Mr. Retrofire]

Quote:

Originally Posted by dilbert99

a bit naive?

No.

[ipetro]

Quote:

Originally Posted by pgiguere1

Direct link to update.

This does not work.
You need to navigate to http://www.java.com/en/download/testjava.jsp
here you can test if you have it.

[canadianpj]

Quote:

Originally Posted by cosmos

Unless you absolutely need Java installed, do yourself a big favor and uninstall it. Trust me, you will sleep better at night.

Or just disable it in the browser. It's of use to me for programs like Minecraft and Crashplan. I'm not worried about it when it's out of the browser.

[1Alec1]

Whatever. Is there a 32-bit version available for my MacBook, or will I be stuck with Java 5? I guess this is a rhetorical question.

[Mr. Retrofire]

Quote:

Originally Posted by 1Alec1

Whatever. Is there a 32-bit version available for my MacBook, or will I be stuck with Java 5? I guess this is a rhetorical question.

Which OS?

[jonatron]

Quote:

Originally Posted by fahlman

Apple doesn't maintain Java 1.7.x. You would be better served looking here: http://www.oracle.com/technetwork/to...3-1841061.html

Yes thanks for that but I am fully aware that Apple doesnt maintain Java.

I'm looking for the info on their site from Apple about why they blocked it. Guidance for this going forward. Maybe some kind of press release. I work in IT and this kind of secretive update is not acceptable. Businesses need some communication from Apple. A solitary pop up which doesnt explain anything apart from I have to update (when there isnt even an update available) is just not enough.

Im sorry but that is not Oracle's responsibility, they didnt block it. Their responsibility is on fixing and releasing updates for Java, and communicating about them, not having to explain Apple's dirty work.

I'm not sticking up for java here BOTH Apple and Java at fault.

[Tech198]

Another fix ...

Job well done..... Now lets exploit it.

[kot]

Can someone tell me what's going on on my system?

Why do the versions differ?
I'm on OS X 10.8.2

[justperry]

Quote:

Originally Posted by kot

Can someone tell me what's going on on my system?

Why do the versions differ?
I'm on OS X 10.8.2

As far as I can tell your internet plugin is Java 7 while the runtime is Java 6.

I could be wrong though.

[photographypro]

Quote:

Originally Posted by Puevlo

It's scary just how unsecure Macs really are.

It's not Macs, it's Java.

[AZ-WET]

And finally I can read macrumors.com as normal again

[tlinford]

I use an important WebApp, run by Medtronic, enabling me to upload data from an Insulin Pump, which helps me to manage my type 1 Diabetes;

The Medtronic CareLink used a Java Applet to drive a wireless device to communicate between the Insulin Pump and the CareLink system..

Every-time Apple blocks, it shuts me out of my medical care, every-time Java update we have to wait for medical testing certification....

It has been an uphill struggle for a number of years to get medical companies to support Mac,

This situation is hardly going to help, is it?

[justperry]

Quote:

Originally Posted by tlinford

I use an important WebApp, run by Medtronic, enabling me to upload data from an Insulin Pump, which helps me to manage my type 1 Diabetes;

The Medtronic CareLink used a Java Applet to drive a wireless device to communicate between the Insulin Pump and the CareLink system..

Every-time Apple blocks, it shuts me out of my medical care, every-time Java update we have to wait for medical testing certification....

It has been an uphill struggle for a number of years to get medical companies to support Mac,

This situation is hardly going to help, is it?

I genuinely feel sorry for you.

I do think that the one which provides this service aren't really smart, now are they.
It already happened a few times, and to rely on an non secure java plugin for healthcare is stupid in my opinion, not your fault, it's the service provider of yours.
About the bolded part, Apple blocks it which sux, but you also say that you have to wait for medical testing certification, now this is sooooo stupid of Medtronic, why they even have this is beyond my understanding.

Similar to Banks, Most/All of Norwegian banks were not accessible if you have a Mac and the former Java plugin (WTF).

We as consumers don't need java, business Yes.

[GTIman]

Remind me why is there a need for Java.. Don't think i have any apps that need it.

[zifty]

Quote:

Originally Posted by photographypro

It's not Macs, it's Java.

Writing 100% secure & bug free software is impossible (beyond simple "hello world" applications). There are major holes in every OS and app. Finding these is not trivial. Oracle should have fixed these bugs earlier, but they are fixed now. Hopefully they learned a lesson and will continue to keep up with newly discovered bugs. But I can guarantee you there are still exploits to be had in Java, and in OS X too.

The only truly secure computer is one that doesn't turn on.

[justperry]

Quote:

Originally Posted by zifty

Writing 100% secure & bug free software is impossible (beyond simple "hello world" applications). There are major holes in every OS and app. Finding these is not trivial. Oracle should have fixed these bugs earlier, but they are fixed now. Hopefully they learned a lesson and will continue to keep up with newly discovered bugs. But I can guarantee you there are still exploits to be had in Java, and in OS X too.

The only truly secure computer is one that doesn't turn on.

Show me a major hole in OS X.

[eco7777]

java says she does't know if i have java installed…what gives?

[bbeagle]

Quote:

Originally Posted by zifty

Writing 100% secure & bug free software is impossible ... There are major holes in every OS and app. Finding these is not trivial. ........ But I can guarantee you there are still exploits to be had in Java, and in OS X too.

I agree and disagree with your assessment.

Yes, I agree that there are always flaws to be found. Most of it depends on the security of the Operating System, and what functions it allows developers to call, and what side effects any of those might have if developers either intentionally or unintentionally send incorrect parameters.

But for every APP to have major holes is just plain false. Every app, for example, a game, might have no holes because it only allows interaction with a user through a joystick, keyboard arrow keys, or such simple interaction. There is no way to pass bad inputs to the game. Something different like a spreadsheet program might be able to save things to a hard drive which might be compromised if there is bad code, or especially if there is a scripting language which allows arbitrary code to be run in the spreadsheet program.

Java is insecure because it is a gatekeeper for developers to write whatever they want to. Java could be very secure if it was dumbed down, like not allowing any programs to write to a hard drive or send out a web request. But then, it wouldn't be a programming language anymore.

[fahlman]

Quote:

Originally Posted by dilbert99

a bit naive?

Far from it. I didn't say impenetrable.

By the way, I've been at Mac admin for almost 20 years, since System 7 and AppleShare IP, at printing companies, newspaper/magazine publisher, state university and as a consultant. I've been an Apple Certified Support Professional since 10.6 up to and including 10.8. I'm also an Apple Certified Macintosh Technician.

I will say I just noticed Apple's link redirects the old Java for Mac OS X 10.6 Update 11, not Java for Mac OS X 10.6 Update 12. This is a live link to the download so if you click it it'll immediately begin downloading the .dmg. As an alternative you can go to http://support.apple.com/downloads/ where currently Java for Mac OS X 10.6 Update 12 is the first available download. Don't click the link to the support article because it'll take you to the old version. Click the download button to receive the correct version.

[C DM]

So, again, for those who need the Java web plug-in, why not simply use another browser that supports it, like Firefox (where it can even be quickly enabled if it becomes disabled)?