Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 2, 2013, 10:31 AM   #76
1Alec1
Banned
 
Join Date: Jan 2013
Location: The Democratic Republic of Congo, you racist!
Quote:
Originally Posted by Mr. Retrofire View Post
Which OS?
Leopard.
1Alec1 is offline   0 Reply With Quote
Old Feb 2, 2013, 10:50 AM   #77
justperry
macrumors 603
 
justperry's Avatar
 
Join Date: Aug 2007
Location: 7 Km South of an active upside down (boat) volcano.
Quote:
Originally Posted by 1Alec1 View Post
Leopard.
Java 5 it is, not higher.
justperry is offline   0 Reply With Quote
Old Feb 2, 2013, 11:46 AM   #78
adildacoolset
macrumors 65816
 
Join Date: Sep 2011
Location: Lusaka, Zambia(If you know where it is)
2 main things that should go out of Macs, and the world of technology for good: Java, and flash.

Nowadays, they are getting more and more negative media and the effects their legacy code is becoming more apparent
__________________
Last edited by adildacoolset; Tomorrow at 09:42 AM. Reason: grammar error
adildacoolset is offline   0 Reply With Quote
Old Feb 2, 2013, 12:37 PM   #79
carlgo
macrumors 68000
 
Join Date: Dec 2006
That Java logo is really nice. I hope some good coffee place can use it if Java is ever abandoned.
carlgo is offline   0 Reply With Quote
Old Feb 2, 2013, 12:52 PM   #80
sseaton1971
macrumors 6502
 
Join Date: Feb 2012
Quote:
Originally Posted by kot View Post
Can someone tell me what's going on on my system?

Why do the versions differ?
I'm on OS X 10.8.2
If you had Java 6 from Apple on your system, I believe the command line will display that information even if you installed Java 7 from Oracle over the top. I think installing the JDK version of Java 7 will update the command line as well. Perhaps someone else here knows that information.
sseaton1971 is offline   0 Reply With Quote
Old Feb 2, 2013, 02:16 PM   #81
scottsjack
macrumors 65816
 
Join Date: Aug 2010
Location: Arizona
Quote:
Originally Posted by adildacoolset View Post
2 main things that should go out of Macs, and the world of technology for good: Java, and flash.

Nowadays, they are getting more and more negative media and the effects their legacy code is becoming more apparent
Boo. Flash works fine on all of my Macs.
scottsjack is offline   1 Reply With Quote
Old Feb 2, 2013, 03:00 PM   #82
NeoMayhem
macrumors 6502a
 
Join Date: Aug 2003
There is a big difference between 'java' and 'java web start'. JWS really needs to go away. It has been a huge security risk for the past decade. In my opinion it is worse then flash.
NeoMayhem is offline   0 Reply With Quote
Old Feb 2, 2013, 03:13 PM   #83
adildacoolset
macrumors 65816
 
Join Date: Sep 2011
Location: Lusaka, Zambia(If you know where it is)
Quote:
Originally Posted by scottsjack View Post
Boo. Flash works fine on all of my Macs.
My issue is that it hogs a noticeable chunk of memory, and that it managed to give my mac a kernel panic twice. And those were the only two times I experienced a kernel panic on a mac. Flash did it
__________________
Last edited by adildacoolset; Tomorrow at 09:42 AM. Reason: grammar error
adildacoolset is offline   0 Reply With Quote
Old Feb 2, 2013, 03:41 PM   #84
Rocketman
macrumors 603
 
Rocketman's Avatar
 
Join Date: Dec 2001
Location: Claremont, CA
Java has not released an update for OSX before 10.6. They need to since it would be trivial. Even if they make Apple distribute it. The update servers are still active for all prior OS versions and they were all disabled 1-11-13.
__________________
Think Different-ly!
All 357 R or D House jobs bills over 4 years died in the D Senate, ordered by the D President. Buy a model rocket here: http://v-serv.com/usr/instaship-visual.htm Thanks.
Rocketman is offline   0 Reply With Quote
Old Feb 2, 2013, 04:10 PM   #85
MagnusVonMagnum
macrumors 68040
 
MagnusVonMagnum's Avatar
 
Join Date: Jun 2007
Quote:
Originally Posted by RayK View Post
I want a new Java 6 from Apple.
Given the onerous requirements of Java 7 (i.e. no Snow Leopard support despite the large numbers of people still using it), I think Apple SHOULD release a security update in this case or get Oracle to make Java 7 Snow Leopard compatible (although somehow I get the feeling that was more Apple's idea seeing how they want to push people to upgrade the OS...except that SOME Intel Macs can't be updated to Mountain Lion).

Quote:
Originally Posted by gregpod9 View Post
Java 7 Update 13 is still buggy as like the previous Java 7 versions. Java 7's print applet does not print properly. Its too bad that Apple blocked Java 6 on Mountain Lion. I have to bootcamp to Windows 7 to use the less buggy version of Java 7.
I agree it really IS buggy. If I play Scrabble on Pogo.com, the keyboard will work for about the first two rounds for chat and typing letters onto the screen and then simply stop working (it never works for the dictionary). These inputs work fine on my Macbook Pro still running Snow Leopard and Java6.

Quote:
Originally Posted by justperry View Post
WTF does THAT have to do with security vulnerabilities in things like Flash, Java or even web browsers? Not everything in this world that can harm you or your computer is a virus or trojan, after all and Macs are not invulnerable to exploits in these areas (and hacking contests have shown this again and again as the Mac/Safari is usually the one to win the prize since security hasn't been very high on Apple's agenda in the past.

In other words, I don't recall ANYONE saying a security exploit was a virus here but that's all your page is about (and shows a certain arrogance in assuming there will NEVER be a virus in the future with the, It's NOT a virus headline) and thus I must conclude the poster was spot-on with his original naive comment.

Quote:
Originally Posted by BornAgainMac View Post
Every update fixes some security flaw. Maybe it is time to just give up on Java and focus on other products.
Do you have any idea how many security patches OSX gets every update (and I think we all know how many Windows has gotten over the years)? If having a security vulnerability were a fatal flaw for any platform, there would be NO platforms out there.
__________________
Mac Mini Server 2012 (2.3GHz Quad i7, 8GB, 2x1TB RAID 0) ; External 12x Memorex Blu-Ray USB3, External WD 3x3TB,1x2TB HD USB3)
15" Matte MBP 2.4GHz, 4GB/500GB, NVidia 8600M GT; 3 ATV; 2 iPod Touch

Last edited by MagnusVonMagnum; Feb 2, 2013 at 04:28 PM.
MagnusVonMagnum is offline   1 Reply With Quote
Old Feb 2, 2013, 05:43 PM   #86
summitscout
macrumors newbie
 
Join Date: Mar 2009
Is anyone able to run Java Web Start?

I am trying to run a .jnlp file via Java Web Start version 6 (update 12 provided by Apple.)

Code:
$ java -version
java version "1.6.0_37"
Java(TM) SE Runtime Environment (build 1.6.0_37-b06-434-11M3909)
Java HotSpot(TM) 64-Bit Server VM (build 20.12-b01-434, mixed mode)

On 3 different Macs running 10.8, it will not start and I get the redirect notice above from Apple. On two of these, Java 7 needed to be uninstalled. On one, Java 7 was never installed. It seems like Apple is also blocking Java 6, though there is no notice of it. This is the first thread I've found all week with others claiming Java 6 is blocked.

Going through user logs, I did find plenty of users running the app with Mac OS 10.6 and one with 10.7. Anyone else able to run Web Start on 10.7 or 10.8?

Also, I tried removing the Java references from the XProtect.plist and the XProtect.meta.plist files, but no go on Java 6 even after a reboot. Anyone know where else Apple is blocking Java 6 from starting? Thanks!
__________________
Mid 2010 MacBook Pro 15" Core i7
Early 2009 Mac Pro 2 x 2.26 GHz, ATI Radeon HD 4870, 6 GB, 20" Apple Cinema Display
CommunityMX
summitscout is offline   0 Reply With Quote
Old Feb 2, 2013, 05:46 PM   #87
munkery
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
Quote:
Originally Posted by MagnusVonMagnum View Post
WTF does THAT have to do with security vulnerabilities in things like Flash, Java or even web browsers? Not everything in this world that can harm you or your computer is a virus or trojan, after all and Macs are not invulnerable to exploits in these areas (and hacking contests have shown this again and again as the Mac/Safari is usually the one to win the prize since security hasn't been very high on Apple's agenda in the past.
Safari on a Mac running Lion was not hacked at the last pwn2own.

No methods have been demonstrated to bypass the runtime security mitigations in Mac OS X Lion and Mountain Lion.

So, Safari and Flash, which utilize theses runtime security mitigations, haven't been shown to be a liability in terms of exploitation in these more recent versions of OS X.

The execution of Java applets isn't protected by these runtime security mitigations so Java is still a liability but Apple's ability to quickly blacklist vulnerable Java web plugin versions mitigates exploits targeting Java to the point that malware developers don't even bother producing payloads for OS X.

Also, see the following:

Quote:
1) Until Vista, the admin account in Windows did not implement DAC in a way to prevent malware by default. Also, Windows has a far greater number of privilege escalation vulnerabilities that allow bypassing DAC restrictions even if DAC is enabled in Windows.

Much of the ability to turn these vulnerabilities into exploits is due to the insecurity of the Windows registry. Also, more easily being able to link remote exploits to local privilege escalation exploits in Windows is due to the Windows registry.

Mac OS X does not use an exposed monolithic structure, such as the Windows registry, to store system settings. Also, exposed configuration files in OS X do not exert as much influence over associated processes as the registry does in Windows.

Mac OS X Snow Leopard has contained only 4 elevation of privilege vulnerabilities since it was released; obviously, none of these were used in malware. Lion has contained 2 so far but one of these vulnerabilities doesn't affect all account types because of being due to a permissions error rather than code vulnerability.

The following link shows the number of privilege escalation vulnerabilities in Windows 7 related to just win32k:

http://cve.mitre.org/cgi-bin/cvekey....yword=win32k+7

More information about privilege escalation in Windows 7:

http://www.exploit-db.com/bypassing-...vista7-mirror/ -> guide to develop exploits to bypass UAC by manipulating registry entries for kernel mode driver vulnerabilities.

https://media.blackhat.com/bh-dc-11/...nelpool-wp.pdf -> more complete documentation about Windows kernel exploitation.

http://mista.nu/research/mandt-win32k-paper.pdf -> more complete documentation about alternative methods to exploit the Windows kernel.

http://threatpost.com/en_us/blogs/td...net-bug-120710 -> article about the TDL-4 botnet which uses a UAC bypass exploit when infecting Windows 7.

2) Windows has the potential to have full ASLR but most software does not fully implement the feature. Most software in Windows has some DLLs (dynamic link libraries = Windows equivalent to dyld) which are not randomized.

http://secunia.com/gfx/pdf/DEP_ASLR_2010_paper.pdf -> article overviewing the issues with ASLR and DEP implementation in Windows.

Also, methods have been found to bypass ASLR in Windows 7.

http://vreugdenhilresearch.nl/Pwn2Ow...tExplorer8.pdf -> article describing bypassing ASLR in Windows 7.

Mac OS X has full ASLR implemented on par with Linux. This includes ASLR with position independent executables (PIE). DLLs in Windows have to be pre-mapped at fixed addresses to avoid conflicts so full PIE is not possible with ASLR in Windows.

Using Linux distros with similar runtime security mitigations as Lion for a model, client-side exploitation is incredibly difficult without some pre-established local access. Of course, this is self defeating if the goal of the exploitation is to achieve that local access in the first place.

See the paper linked below about bypassing the runtime security mitigations in Linux for more details.

http://www.blackhat.com/presentation...slr-slides.pdf

The author only manages to do so while already having local access to the OS.

3) Mac OS X Lion has DEP on stack and heap for both 64-bit and 32-bit processes. Third party software that is 32-bit may lack this feature until recompiled in Xcode 4 within Lion. Not much software for OS X is still 32-bit.

But, not all software in Windows uses DEP; this includes 64-bit software. See first article linked in #2.

4) Mac OS X implements canaries using ProPolice, the same mitigation used in Linux. ProPolice is considered the most thorough implementation of canaries. It is known to be much more effective than the similar system used in Windows.

http://www.blackhat.com/presentation...rman-paper.pdf -> article comparing ProPolice to stack canary implementation in Windows.

5) Application sandboxing and mandatory access controls (MAC) in OS X are the same thing. More specifically, applications are sandboxed in OS X via MAC. Mac OS X uses the TrustedBSD MAC framework, which is a derivative of MAC from SE-Linux. This system is mandatory because it does not rely on inherited permissions. Both mandatorily exposed services (mDNSresponder, netbios...) and many client-side apps (Safari, Preview, TextEdit…) are sandboxed in Lion.

Windows does not have MAC. The system that provides sandboxing in Windows, called mandatory integrity controls (MIC), does not function like MAC because it is not actually mandatory. MIC functions based on inherited permissions so it is essentially an extension of DAC (see #1). If UAC is set with less restrictions or disabled in Windows, then MIC has less restrictions or is disabled.

http://www.exploit-db.com/download_pdf/16031 -> article about Mac sandbox.

http://msdn.microsoft.com/en-us/libr...(v=VS.85).aspx -> MS documentation about MIC.

https://media.blackhat.com/bh-eu-11/...xes-Slides.pdf -> researchers have found the MIC in IE is not a security boundary.

6) In relation to DAC and interprocess sandboxing in OS X in comparison with some functionality of MIC in Windows 7 (see #5), the XNU kernel used in OS X has always had more secure interprocess communication (IPC) since the initial release of OS X.

Mac OS X, via being based on Mach and BSD (UNIX foundation), facilitates IPC using mach messages secured using port rights that implement a measure of access controls on that communication. These access controls applied to IPC make it more difficult to migrate injected code from one process to another.

Adding difficulty to transporting injected code across processes reduces the likelihood of linking remote exploits to local exploits to achieve system level access.

As of OS X Lion, the XPC service has also been added to implement MAC (see #5) on IPC in OS X. (http://developer.apple.com/library/m...CServices.html)

7) Security benefits of a UNIX foundation

Not all software vulnerabilities are exploitable. Vulnerabilities that are not exploitable only allow a denial of service condition upon being triggered. Exploitable vulnerabilities allow code execution when triggered.

There are two methods to achieve code execution in relation to buffer overflows:

1) RET overwrite -> control return address of instruction pointer

2) SEH (structured exception handler) overwrite -> control content of handler that will be executed upon an exception

To clarify:

Quote:
While typical stack-based buffer overflows work by overwriting the return address in the stack, SEH overwrites work by overwriting the handler attribute of an exception registration record that has been stored on the stack. Unlike overwriting the return address, where control is gained immediately upon return from the function, an SEH overwrite does not actually gain code execution until after an exception has been generated. The exception is necessary in order to cause the exception dispatcher to call the overwritten handler.
Basically, SEH overwrites provide a second method to exploit a vulnerability in the event that a RET overwrite is unsuccessful or not exploitable. Obviously, more vectors being available to facilitate exploiting a vulnerability increases the number of vulnerabilities that are exploitable. SEH overwrites reduce the number of vulnerabilities that only produce a denial of service condition.

Mitigations have been developed to prevent SEH overwrites. These include SafeSEH and SEHOP. Methods are known that allow bypassing both mitigations.

SafeSEH is bypassed if only one component of the program doesn't implement this mitigation; it is common that not all components implement SafeSEH.

SEHOP is bypassed if ASLR is compromised via a memory disclosure vulnerability.

So, what does this have to do with the security benefits of a UNIX foundation?

UNIX and UNIX-like operating systems, such as Mac OS X and Linux, don't have structured exception handling. So, SEH overwrites, as a vector to increase the number of exploitable vulnerabilities, doesn't exist in these operating systems. The signalling system used in these operating systems isn't liable to this type of manipulation.

SEH overwrites do provide a plausible explanation for more vulnerabilities being exploitable in Windows.

http://www.i-hacked.com/freefiles/Ea...ploit_v1.3.pdf

http://www.sysdream.com/sites/defaul...s/sehop_en.pdf

8) Windows has far more public and/or unpatched vulnerabilities than OS X.

http://m.prnewswire.com/news-release...110606584.html -> article about 18 year old UAC bypass vulnerability.

9) Password handling in OS X is much more secure than Windows.

The default account created in Windows does not require a password. The protected storage API in Windows incorporates the users password into the encryption key for items located in protected storage. If no password is set, then the encryption algorithm used is not as strong. Also, no access controls are applied to items within protected storage.

In Mac OS X, the system prompts the user to define a password at setup. This password is incorporated into the encryption keys for items stored in keychain. Access controls are implemented for items within keychain.

Also, Mac OS X Lion uses a salted SHA512 hash, which is still considered cryptographically secure. It is more robust than the MD4 NTLMv2 hash used to store passwords in Windows 7.

http://www.windowsecurity.com/articl...ord-Part1.html -> article about Windows password hashing.

10) The new runtime security mitigation improvements to be included in Windows 8 have already been defeated.

http://vulnfactory.org/blog/2011/09/...op-mitigation/

To put this into perspective, methods to bypass the new runtime security mitigations in Mac OS X Lion are not yet available.

11)In regards to recent earlier version of Mac OS X:

The following article relates to varying levels of security mitigations in different Linux distros but it is applicable in revealing that the runtime security mitigations in some earlier versions of Mac OS X prior to Lion were far from inadequate.

http://www.blackhat.com/presentation...slr-slides.pdf

While Mac OS X Leopard/SL lack full ASLR, Windows Vista/7 have stack canaries (aka stack cookies) that are trivial to bypass.

The following link shows the issues with stack canaries in Windows. -> http://www.blackhat.com/presentation...rman-paper.pdf

So:

Windows Vista/7 = NX + ASLR
Mac OS X Leopard/SL = NX + stack cookies

These articles show that NX in combination with stack canaries is more difficult to bypass than a combination of NX and ASLR.

12) Mountain Lion only improves upon the security of Lion.

BTW, Safari on a Mac running Lion was not hacked at the last pwn2own.
Microsoft is a major sponsor of pwn2own and that sponsorship contributes to the prize money awarded to security researchers. So, the researchers have a vested interest in presenting the results of the event in favour of Microsoft to prevent that sponsorship from being revoked.

Pwn2own is an exemplar of bias in research due to the funding source.

Last edited by munkery; Feb 2, 2013 at 08:15 PM.
munkery is offline   2 Reply With Quote
Old Feb 2, 2013, 06:57 PM   #88
Stratus Fear
macrumors 6502
 
Join Date: Jan 2008
Location: Atlanta, GA
Quote:
Originally Posted by jkoerber View Post
Well, once again us poor 10.6.8 users are left out in the cold again. Just downloaded the JREu13 update installed and got this fabulous response. And now I cannot generate security keys in OSX for our clients since our provider uses Java Applets...

And don't even start asking me "why haven't you upgraded to Lion, blah blah blah..." I'm stuck in 10.6.8 for the foreseeable future for software compatibility issues.
Install Xcode and open the Java 7 pkg in PackageMaker. You can remove the system version check in there and rebuild the installer package. I did this with the Java 7 JDK from Oracle's site, and it works fine both on the command line and in a browser. Oracle's restriction here seems to be an artificial one. Edit: You may have to re-order your JVMs in Java Preferences.app in order for 7 to be the default JVM.

Quote:
Originally Posted by sseaton1971 View Post
If you had Java 6 from Apple on your system, I believe the command line will display that information even if you installed Java 7 from Oracle over the top. I think installing the JDK version of Java 7 will update the command line as well. Perhaps someone else here knows that information.
Yes, installing the JDK will also update the command line version.

Last edited by Stratus Fear; Feb 2, 2013 at 07:05 PM.
Stratus Fear is offline   0 Reply With Quote
Old Feb 2, 2013, 07:06 PM   #89
Mr. Retrofire
macrumors 601
 
Mr. Retrofire's Avatar
 
Join Date: Mar 2010
Location: www.emiliana.cl
Quote:
Originally Posted by adildacoolset View Post
My issue is that it hogs a noticeable chunk of memory, and that it managed to give my mac a kernel panic twice. And those were the only two times I experienced a kernel panic on a mac. Flash did it
In many cases the OS causes the kernel panics, not an application or plugin. It is nearly impossible, that a user space app or plugin causes a kernel panic, because these apps or plugins run in a different address space and cannot write data in the kernel address space. Only the kernel, kernel extensions and certain IOKit-based software, which must run with root or super user privileges can write data in the kernel address space.
__________________

“Only the dead have seen the end of the war.”
-- Plato --
Mr. Retrofire is offline   0 Reply With Quote
Old Feb 2, 2013, 07:33 PM   #90
AidenShaw
macrumors G5
 
AidenShaw's Avatar
 
Join Date: Feb 2003
Location: The Peninsula
Quote:
Originally Posted by Mr. Retrofire View Post
In many cases the OS causes the kernel panics, not an application or plugin. It is nearly impossible, that a user space app or plugin causes a kernel panic, because these apps or plugins run in a different address space and cannot write data in the kernel address space. Only the kernel, kernel extensions and certain IOKit-based software, which must run with root or super user privileges can write data in the kernel address space.
In other words, there is a flaw in Apple OSX that Flash happens to trigger.

It is Apple's bug, not Adobe's problem.
__________________
Edward Snowden - American Hero.
Daniel Ellsberg: "Edward Snowden: Saving Us from the United Stasi of America"
Marriage equality is unstoppable
AidenShaw is offline   0 Reply With Quote
Old Feb 2, 2013, 08:37 PM   #91
munkery
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
Quote:
Originally Posted by AidenShaw View Post
In other words, there is a flaw in Apple OSX that Flash happens to trigger.

It is Apple's bug, not Adobe's problem.
Not necessarily, the issue could be due to an installation error or hardware problem that are entirely unique to that individual system.
munkery is offline   0 Reply With Quote
Old Feb 3, 2013, 12:36 AM   #92
dguatelli
macrumors newbie
 
Join Date: Feb 2013
Quote:
Originally Posted by kot View Post
Can someone tell me what's going on on my system?

Why do the versions differ?
I'm on OS X 10.8.2
I am showing the same thing on my mac. However, I am on 10.7.5 Not sure why these are different, other than the runtime version is what was installed by Apple?
dguatelli is offline   0 Reply With Quote
Old Feb 3, 2013, 12:39 AM   #93
1Alec1
Banned
 
Join Date: Jan 2013
Location: The Democratic Republic of Congo, you racist!
Quote:
Originally Posted by dilbert99 View Post
a bit naive?
Not if he's never been breached. The only malware that's ever gotten onto my Mac has been Norton Antivirus, and FindAnyFile fixed that

----------

Quote:
Originally Posted by justperry View Post
Java 5 it is, not higher.
I know I can't do anything about it, but that really sucks.
1Alec1 is offline   0 Reply With Quote
Old Feb 3, 2013, 12:40 AM   #94
dguatelli
macrumors newbie
 
Join Date: Feb 2013
I am running OS X Lion 10.7.5. I have upgraded to Java 7 v. 13. I am still not able to print secure documents sent via Watchdox.
dguatelli is offline   0 Reply With Quote
Old Feb 3, 2013, 12:41 AM   #95
1Alec1
Banned
 
Join Date: Jan 2013
Location: The Democratic Republic of Congo, you racist!
Quote:
Originally Posted by zifty View Post
Writing 100% secure & bug free software is impossible (beyond simple "hello world" applications).
You can still alter "Hello World!"'s memory with another program like TheCheat
1Alec1 is offline   0 Reply With Quote
Old Feb 3, 2013, 12:48 AM   #96
mrkgoo
macrumors 65816
 
Join Date: Aug 2005
Is there an Apple update for Java 1.6.0_37 -> 1.6.0_39 for Mountain Lion?

Some stuff I did required Java and it got it from Apple. Is the only way to update now from Oracle?
mrkgoo is offline   0 Reply With Quote
Old Feb 3, 2013, 04:44 AM   #97
Negritude
macrumors regular
 
Join Date: Jul 2011
Quote:
Originally Posted by RayK View Post
I want a new Java 6 from Apple.
Java 6 is EOL. The update they just issued for SL is most likely the last one.

If you're using Lion or ML, you should disable Java 6 completely.

If you're using SL, you should figure out a way to install Java 7.
Negritude is offline   0 Reply With Quote
Old Feb 3, 2013, 09:05 AM   #98
Rocketman
macrumors 603
 
Rocketman's Avatar
 
Join Date: Dec 2001
Location: Claremont, CA
I have no objection to Apple not supporting older Java installs. But actively disabling them with no opt out provision "is" support. If you "are" going to "support" (cripple) it, at least make it possible on some level to run the Java apps we have been all along on older OS versions. Java will run on essentially any *nix, so pretty much any version of OSX ever should be compatible with whatever update is needed. Just set the update servers to install it.
__________________
Think Different-ly!
All 357 R or D House jobs bills over 4 years died in the D Senate, ordered by the D President. Buy a model rocket here: http://v-serv.com/usr/instaship-visual.htm Thanks.
Rocketman is offline   0 Reply With Quote
Old Feb 3, 2013, 09:38 AM   #99
justperry
macrumors 603
 
justperry's Avatar
 
Join Date: Aug 2007
Location: 7 Km South of an active upside down (boat) volcano.
Quote:
Originally Posted by MagnusVonMagnum View Post
WTF does THAT have to do with security vulnerabilities in things like Flash, Java or even web browsers? Not everything in this world that can harm you or your computer is a virus or trojan, after all and Macs are not invulnerable to exploits in these areas (and hacking contests have shown this again and again as the Mac/Safari is usually the one to win the prize since security hasn't been very high on Apple's agenda in the past.

In other words, I don't recall ANYONE saying a security exploit was a virus here but that's all your page is about (and shows a certain arrogance in assuming there will NEVER be a virus in the future with the, It's NOT a virus headline) and thus I must conclude the poster was spot-on with his original naive comment.
Several reasons I linked him to that page.

1. A newbie, newbies tend to get all paranoid about Virus/Malware.(might be ex PC/Windows)

2. On that page it explains that you don't need to be paranoid as long as you follow some guidelines, one of them is to disable Java in Safari, it's all under "What security steps should I take?"

3. I am on OS X since the beginning and never had anything on my mac, so again why write in a post "naive" when the chance is soooooo low it won't affect you if you follow that page.

4 Oh, and the is this post from munkery a few places below yours (#87) which explains why Macs are much more secure.
justperry is offline   0 Reply With Quote
Old Feb 3, 2013, 10:19 AM   #100
aprilfools
macrumors regular
 
Join Date: Dec 2004
Location: Southern California
Kakatoa East of Java...
__________________
Mac user since 1988
aprilfools is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Apple Releases New Java 6 Updates With Enhanced Security, Uninstalls Apple-Provided Java Applet Plug-in MacRumors Mac Blog Discussion 49 Oct 22, 2013 09:58 AM
Apple Releases Safari and Java Updates With Plug-In and Security Improvements MacRumors MacRumors.com News Discussion 77 Apr 23, 2013 03:09 PM
Oracle Updates Java 7 to Address Security Vulnerability MacRumors MacRumors.com News Discussion 72 Jan 19, 2013 11:00 AM
Oracle Releases Patch to Address Security Vulnerability in Java 7 MacRumors MacRumors.com News Discussion 63 Sep 5, 2012 01:02 PM
Oracle releases Java 7 update 6, bringing full OS X support for the first time wrldwzrd89 Apple, Industry and Internet Discussion 1 Aug 14, 2012 05:46 PM

Forum Jump

All times are GMT -5. The time now is 12:37 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC