Java update asked for password?

ArtOfWarfare · Jan 14, 2014

Java popped up and said a new version was available... I don't know what the major number was, but the minor number was 51, as I recall.

I gave it the okay. A few seconds later it popped up a message, "This update is locked by a password" with a text field labeled "Password". This wasn't the typical OS X password window. It didn't even specify which password it wanted (user, admin, root... or perhaps some password to a file or something?) I left the field blank and just hit "Unlock".

Since hitting that unlock button about 10 minutes ago, it's been saying it's "Extracting update..." with an indeterminate progress bar below it. I feel like it should have failed by now if it was a legitimate update. I googled around for anyone else mentioning the window... all that came up was a discussion six years old about how an old version of Sparkle (an application framework for making it easy for developers to have their apps autoupdate) would ask for your password if it failed to mount a DMG or something like that.

I'm wondering... is this some kind of trojan? I have no idea how I would have gotten it, given I have Click to Plugin installed in Safari, which is up to date and the only browser I use on this computer. I suppose I just downloaded Paint Code yesterday... I can't think of anything else I've really done with this computer recently.

(It's still behaving exactly the same... it's now been at it for 15 minutes.)

MisterMe · Jan 14, 2014

So you want to know if an update that you don't know to a Java version that you don't know is legitimate? I don't know.

simontay78 · Jan 15, 2014

I also encountered the same problem with the update is locked with a password.

I cancelled it and it stay running for a few minutes until I quit it using activity monitor.

I searched online and found this forum post & retried to upgrade again via system preference -> Java -> upgrade

This time there's no password requirement.

Hmmmm Maybe the upgrade is password locked previously internally and pushed the update too quickly and discovered the mistake and updated the file with one that does not need a password to "extract".

Got a feeling someone password locked a compress file accidentally, compression is required to save on bandwidth I guess.

Bent Larsen · Jan 15, 2014

Exactly the same issue....

I searched online and found this forum post & retried to upgrade again via system preference -> Java -> upgrade

This seems to work.

ArtOfWarfare · Jan 15, 2014

I eventually quit it last night. Tonight, it tried updating again. This time, the password window was the proper OS X password window and it said something about trying to install an update helper tool or something. I gave it my password and it updated fine.

According to wikipedia, Java 7 update 51 (the version that just installed - the same version I mentioned in my opening post) is the latest version and was released yesterday.

dza · Jan 16, 2014

I wrote Oracle/Java.

http://bugreport.sun.com/bugreport/main.jsp

^ Bottom: "Report an issue".

I wish/hope this is something that just looks suspicious but isn't - although my inituition tells me otherwise - and I promised to listen to my inituition more (after not listening had amazing backfiring consequences for me)!

I'm currently scanning my system with ClamXav - afterwards I will try Bitdefender.

If someone has more suggestions please step up.

bogdannistor · Jan 16, 2014

Any news on this issue? I encountered it too

LostSoul80 · Jan 16, 2014

There is no evidence at all of anything behaving like a trojan.
The fact that apps may not follow Apple's requirements to get a password doesn't mean they are malware.
Get the process name of this updater. Locate it, and perhaps update here.

Fishrrman · Jan 17, 2014

I would expect any upgrade to include the request for an administrative password before it will install.

I recently installed both the flash and java updaters, and both required passwords to modify the existing software. Quite normal.

geek2b · Jan 17, 2014

frozen

Java update is frozen.. it's udpating since 50 minutes.
i don't know what to do.

MikB · Jan 17, 2014

You're misrepresenting the story of the OP

Fishrrman said:
I would expect any upgrade to include the request for an administrative password before it will install.

I recently installed both the flash and java updaters, and both required passwords to modify the existing software. Quite normal.

You're misrepresenting the story of the OP, who got a non-standard (for OS X) dialog stating the update itself was "locked" with a password.

I got it too just now.

MikB · Jan 18, 2014

dza said:
I wrote Oracle/Java.

http://bugreport.sun.com/bugreport/main.jsp

^ Bottom: "Report an issue".

I reported. Thanks for the link.

dza · Jan 20, 2014

If anyone ever sees this dialog again - please link/attach a screenshot!

The more screenshots the better.

And a

"ps aux" output (Terminal command) of the active Java application/update would be handy as well.

uberduck · Jan 20, 2014

Excuse the blurriness since I was updating a headless off-site mac.

dza said:
If anyone ever sees this dialog again - please link/attach a screenshot!

The more screenshots the better.

And a

"ps aux" output (Terminal command) of the active Java application/update would be handy as well.

zigmoo · Jan 23, 2014

Fix: Download Java Installer from java.com

This worked for me!

jonjensen · Jan 23, 2014

Anyone found out any more about this issue? I experienced the same thing today. Thanks.

tapoensgen · Jan 26, 2014

Java update asked for password?

Weird behaviour this. I have had the same issue with the update to the previous version 7.45. I was unable to find any solution or hint so resorted to the manual installation from http://java.com/en/download/mac_download.jsp. This installed the update without prompting for an unlock code, purely prompting for the system password as expected. Hopefully someone at Apple / Oracle gets to fixing this.

bsapp100 · Jan 31, 2014

Screenshot And One Explanation

Just curious... of the people that experienced this problem... were they on corporate networks?

I saw the same thing at my company and it turned out to be caused by some network security equipment that was virus scanning traffic as it came into the network. Something it didn't like about .DMG files.

jonjensen · Feb 1, 2014

Mine was not on a corporate network.

rsfinn · Feb 1, 2014

Known issue, apparently

I encountered the same issue today and found this thread after a Google search.

The Oracle release notes for 1.7.0_51 include this item:

Area: install/install
Synopsis: [macosx] Scheduled AU - cannot auto update on Mac 10.9

On Mac OS 10.9, when a scheduled Java (auto) update is initiated, the installer may become unresponsive.

The following workarounds should be performed by users facing this issue:

Manually install the updated pkg from java.com
Trigger an update through the Java Control Panel

This seems to confirm the various suggestions posted above.

bkmacy · Feb 2, 2014

Sciuriware · Apr 3, 2014

Java update on mavericks

Hi,
as long as I have been using JAVA 7, I always first moved the old version
to the Trash and then installed the new version without a problem.
First thing I do after installation is to disable the [v] update option.

By the way, there are many other software products that do not update
properly, also on LINUX and MSWindows.
Especially on OSX with its easy uninstall/install nature, just do not update!
Your preferences are under /Users/<you>, so those are always retained.
;JOOP!

Graig · Apr 4, 2014

Sciuriware said:
Hi,
as long as I have been using JAVA 7, I always first moved the old version
to the Trash and then installed the new version without a problem.
First thing I do after installation is to disable the [v] update option.

By the way, there are many other software products that do not update
properly, also on LINUX and MSWindows.
Especially on OSX with its easy uninstall/install nature, just do not update!
Your preferences are under /Users/<you>, so those are always retained.
;JOOP!

Then to do that you would go to Java preferences and uncheck the check for updates automatically checkbox, am I correct in this?

MacMan988 · Apr 4, 2014

Is it "Java 7 Update 51" the new update? If then, it seems like it has been silently updated in the background for me.

sirkkalap · Apr 22, 2014

JDK 7 u 55: "This update is locked with a password."

It is unfortunate that some vendors push bad security practices.

The JDK 7 update 55 is showing "This update is locked with a password." popup.

It is obvious that you would not give your password to any stranger asking it on the street, and this prompt is no different from a stranger. You have no way of telling where that password will be used.

It is a good practice to use system services for transparent and trusted way to ask for additional privileges. This update clearly violates this principle.

Below is a screenshot displaying the popup along with plausible ps axu listing showing that it might indeed be Oracle's update prompting for some password.

Shame on Oracle for making phishing user credentials one step easier.

https://www.dropbox.com/s/znoavsap0dv9ruw/Screenshot%202014-04-22%2019.15.53.png

Java update asked for password?

macrumors G3

macrumors G4

macrumors newbie

macrumors newbie

macrumors G3

macrumors member

macrumors newbie

macrumors 68020

macrumors Penryn

macrumors newbie

macrumors member

macrumors member

macrumors member

macrumors newbie

macrumors newbie

macrumors newbie

macrumors newbie

macrumors newbie

Attachments

macrumors newbie

macrumors newbie

macrumors newbie

macrumors 6502a

macrumors 6502

macrumors 6502a

macrumors newbie

Our Staff