Apple Again Blocks Older Versions of Java Over Vulnerability

Discussion in 'Mac Blog Discussion' started by MacRumors, Aug 29, 2013.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    [​IMG]
    Apple has again remotely blocked some versions of Oracle's Java browser plugin because of vulnerabilities according to 9to5Mac.

    The blockage, which was announced internally to AppleCare and Apple Retail employees, is because of an "unspecified vulnerability" and Apple has blocked Java 6 versions below update 51, and Java 7 versions below update 25.

    At the beginning of this year, Apple blocked Java plug-ins in Safari several times because of unfixed vulnerabilities. Oracle has typically updated Java fairly quickly to remedy the vulnerabilities.

    Users are strongly advised to ensure they have the latest versions of Java.

    Article Link: Apple Again Blocks Older Versions of Java Over Vulnerability
     
  2. macrumors 6502

    Eddy Munn

    Joined:
    Dec 27, 2008
    #2
    Oracle without Mac OSX?
    Points finger down..*
     
  3. macrumors 68030

    macs4nw

    #3
  4. Moderator

    Nermal

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    Whakatane, New Zealand
    #4
    Since the article doesn't mention it... update 25 is the current version so unlike one of Apple's earlier blocks, this one already has a fix available.
     
  5. macrumors member

    Joined:
    Aug 25, 2013
    #5
    VirtualBox + Ubuntu = Free Java environment.
     
  6. macrumors 68020

    Joined:
    Jul 8, 2006
    Location:
    California
    #6
    Looks like I've all ready had update 25 for months so no need to update again at this point.
     
  7. macrumors regular

    Joined:
    Apr 27, 2005
    #7
    HOW does Apple block something that is already on your computer?
     
  8. macrumors 65816

    Joined:
    Feb 15, 2011
    Location:
    Holland
    #8
    What do you mean? I have the Java 7 RE installed, that's the same thing right?
     
  9. macrumors 68000

    Joined:
    Nov 4, 2008
    #9
    I find it odd how they've reacted to this so fast but have dragged their heels on the core text exploit that they've known about for ages.
     
  10. macrumors member

    Joined:
    Aug 25, 2013
    #10
    Nope. If you install Ubuntu via VirtualBox then install Java onto that virtual machine, then that Java instsll doesn't touch OS X. If anything happens then all you need to do is delete that virtual machine and start anew.
     
  11. macrumors 68030

    baryon

    Joined:
    Oct 3, 2009
    #11
    I have the latest version of Java yet it hasn't worked for about 4 months. Websites just say I don't have Java installed, when in fact I do. It's enabled in Safari and all. Anyone have an idea of what's going on?
     
  12. macrumors 601

    Mr. Retrofire

    Joined:
    Mar 2, 2010
    Location:
    www.emiliana.cl
    #12
  13. macrumors 68040

    Joined:
    Feb 2, 2008
    #13
    The problem here is the browser plugin though, an applet can be run by any website. Using the Java environment on your local machine, runs local code.
     
  14. macrumors 6502a

    Joined:
    Jul 10, 2008
    #14
  15. macrumors 604

    Jessica Lares

    Joined:
    Oct 31, 2009
    Location:
    Near Dallas, Texas, USA
    #15
    *YAWN* Cue the phone call from my dad again when the teachers freak out over it this morning/afternoon. :rolleyes:

    I haven't had the need to use Java in ages.
     
  16. macrumors P6

    Weaselboy

    Joined:
    Jan 23, 2005
    #16
    It is done in the background with an update to the below XProtect plist file.

    Code:
    /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist
     
  17. macrumors 65816

    Joined:
    Feb 15, 2011
    Location:
    Holland
    #17
    I see. Well, I'd like to run a minecraft server on my mac, so i'll leave it in os x then.
     
  18. macrumors 6502

    scbn

    Joined:
    Jul 25, 2010
    #18
    Java has become a pain... like all the Adobe products now, you have to update almost every week (sometimes more than once a week).
     
  19. macrumors P6

    Joined:
    Oct 17, 2011
    #19
    Yup, like the last update for Java was just yesterday...over 2 months ago (and the last Adobe Reader update was months ago). ;)
     
  20. macrumors 65816

    phoenixsan

    Joined:
    Oct 19, 2012
    #20
    The fact about.....

    all the vulnerabilities, malware and things like this shows to me some things:

    1-Apple hardware and software comes back to interest
    2- No more about 100% truth on the old "Apple computers dont get viruses or not are being attacked"
    3-The need for safe computer practices, not only on bussiness, enterprise or goverment enviroments, but also in family and personal venues.....


    :):apple:
     
  21. macrumors 6502a

    iDuel

    Joined:
    Jul 20, 2011
    Location:
    Greece/USA
    #21
    Correct me if I am wrong, but this Java vulnerability has nothing to do with the OS, as this probably exists on Windows too. It's not a case of Apple software, as Apple doesn't develop Java, they cannot make sure that it is 100% solid.

    Apple could make a solid OS, and someone could still install a version of Adobe Flash, Java, Silverlight, etc. that has a known vulnerability and take advantage of the permissions it obtains.

    I'm not saying that we shouldn't take responsibility for our computer's security, it's just that you are barking up the wrong tree in this case.
     
  22. macrumors 65816

    phoenixsan

    Joined:
    Oct 19, 2012
    #22
    Barking?....

    I am not a dog, pal......And the thing is, the exploit become famous in Mac OS. No doubt by the delayed update of Java by the Apple people....
     
  23. macrumors 6502a

    iDuel

    Joined:
    Jul 20, 2011
    Location:
    Greece/USA
    #23
    I'm sorry if you were offended by a figure of speech, but that isn't the point. By your post, it seemed that you were blaming Apple for the vulnerability, yet Apple is not Oracle, so there wasn't a single thing Apple could have done to prevent this.

    Apple did what they could do in this case by blocking the older, more vulnerable versions.
     
  24. macrumors 65816

    phoenixsan

    Joined:
    Oct 19, 2012
    #24
    Apple lags behind Oracle official releases....That is a fact and a decision by Apple....No figure of speech or fanboyness....


    :):apple:
     
  25. macrumors 68040

    Joined:
    Jul 11, 2009
    #25
    That wasn't the case for the most recent Java updates. Presumably Apple has figured out that it's a big problem for them to be so late with the patch releases.
     

Share This Page