Apple Once Again Blocks Java 7 Web Plug-in

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jan 31, 2013.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Earlier this month, Apple took the unusual step of remotely blocking Oracle's Java 7 browser plug-in due to a major security vulnerability, using the "Xprotect" anti-malware system built into OS X to enforce a minimum version number that had yet to be released. Within days, Oracle updated Java to address the issue, with the new version number making the Java plug-in usable on OS X systems once more.

    As noted by French site MacGeneration [Google translation] and the Apple discussion forums, Apple has once again blocked the Java 7 plug-in using Xprotect.

    [​IMG]
    The updated blacklist enforces a minimum Java plug-in version of 1.7.0_11-b22, while the latest version of the plug-in is 1.7.0_11-b21.

    The exact reason for Apple's renewed block on the Java plug-in is unknown although reports immediately following the release of Update 11 earlier this month indicated that it fixed only one of the two bugs that contributed to the security vulnerability. In the wake of that news, cybersecurity officials recommended that most users disable Java even with the up-to-date plug-in installed.
    If this continued issue is indeed the reason for the new block by Apple, it is unclear why the company waited several weeks to update its plug-in blacklist.

    Article Link: Apple Once Again Blocks Java 7 Web Plug-in
     
  2. macrumors 6502

    FakeWozniak

    Joined:
    Nov 8, 2007
    #2
    It would be nice to know WHY stuff stops working.

    Does anyone know how to see what is added regularly from Apple? I don't really feel like monitoring the blacklist file. I suppose the people who write the malware do though :-(

    I use a Java based 'meeting' program from work and I don't know if it is the program or Java or the network...

    Anyone know if Flash is in blacklist file? :)
     
  3. notjustjay, Jan 31, 2013
    Last edited: Jan 31, 2013

    macrumors 603

    notjustjay

    Joined:
    Sep 19, 2003
    Location:
    Canada, eh?
    #3
    I've had Java disabled in my browser for the last several years, and I don't miss it at all. I think in all that time I have re-enabled it maybe once because there was an applet I actually wanted to run.

    Just leave it turned off.

    Edit: OK, before you hit "reply" and rip into me saying "well, I'm glad that works for YOU, but what about...", please note that I've acknowledged this further in the thread, and I'm sorry if your business/bank/whatever forces you to use Java applets in your browser.
     
  4. macrumors 68020

    Joined:
    May 23, 2011
    #4
    Oracle bought all those companies and products that they have absolutely no clue how to support or further develop.

    I do work in two used-to-be-great enterprise software packages, both went downhill since the original company was bought by Oracle.
     
  5. macrumors 6502a

    ConCat

    Joined:
    Jul 27, 2012
    Location:
    In an ethereal plane of existence.
    #5
    Some people actually need it in certain business environments. Apple really should quit doing this, and I mean now. If we want it disabled, we can disable it ourselves. How hard would it be to push the update to computers after Oracle updates Java with the security patch, not before?
     
  6. macrumors member

    Joined:
    Sep 13, 2012
    #6
    The bad news never stops with Java. Not that I would use it anyways.
     
  7. macrumors 603

    Rocketman

    Joined:
    Dec 2, 2001
    Location:
    Claremont, CA
    #7
    Java on 10.6 and before stopped working entirely. I have a standalone Java app I use on 10.4.11 and one day it just up and stopped working. Java says Apple is responsible for updating and of course Apple has not updated it either. This is a black hole because something that worked and was trusted by being rare and obscure, no longer works and I had no choice to "opt out."

    Unless someone here has a suggestion.

    Rocketman
     
  8. macrumors regular

    AppleGuesser

    Joined:
    May 1, 2012
    Location:
    Athens, GA
    #8
    Again?? Well....this is inconvenient.... :(
     
  9. macrumors 65816

    Joined:
    Feb 15, 2011
    Location:
    Holland
    #9
    I only use Java for Minecraft. I've never used the browser plugin, i've had it disabled for about a year now.
     
  10. macrumors 601

    BornAgainMac

    Joined:
    Feb 4, 2004
    Location:
    Florida Resident
    #10
    Java makes more sense on the server application and not as a client. I have had nothing but problems with Java applications after Java 7 came out. I even have applications that are not supported with later updates of Java 6 that are lower than other applications that need a higher update level.
     
  11. macrumors regular

    Joined:
    Oct 30, 2011
    #11
    And the anti Apple comments will begin right about now...
     
  12. macrumors regular

    Joined:
    Jul 11, 2008
    #12
    How do I turn it back on?

    (oh, and spare me the preaching, I'm aware of the tiny theoretical risk involved, and it's massively outweighed by 100% chance of me not being able to use my computer to do most of the things I want to do today)

    I would have thought Apple would have learned from iOS Maps, iOS Youtube and iTunes 11 not to break stuff that was working until they had a replacement that was usable?
     
  13. macrumors 6502

    Joined:
    May 22, 2003
    #13
    I urgently need it now so I got it work using Firefox. Couldn't figure out a way to do it with Safari.
     
  14. macrumors member

    Joined:
    Jun 18, 2007
    Location:
    Leeds, UK
    #14
    Classic if it doesnt affect me its not important.

    This has stopped by company from using its finance system and staff are currently sat around twiddling their thumbs. Plus it took me an entire morning to work out what the issue was as there was no notification from Apple.

    Thanks for your really useful advice!

    I re-iterate what some others have said. THIS IS NOT ACCEPTABLE BEHAVIOUR from Apple and they need to sort this out pronto.
     
  15. macrumors newbie

    Joined:
    Jan 1, 2009
    #15
    Tiny theoretical risk? Yes, if you don't visit web pages at all.
     
  16. macrumors member

    Joined:
    Sep 6, 2004
    Location:
    Bergen, Norway
    #16
    Java is essential for the joint Norwegian bank login system BankID. If Apple has disabled this without a way of switching it back on, we are all locked out of our bank accounts!
     
  17. macrumors regular

    Joined:
    Jul 11, 2008
    #17
    How?
     
  18. macrumors member

    Joined:
    Oct 6, 2008
    Location:
    Northern VA
    #18
    Pretty sure that if you just use any browser besides Safari and you're good to go.

    If your company really sat around twiddling their thumbs without trying another browser then you're likely exactly who Apple disallowed the Safari plugin for.
     
  19. RMo
    macrumors 65816

    Joined:
    Aug 7, 2007
    Location:
    Iowa, USA
    #19
    Do you really do most of the work on your computer with Java plug-in applets? My understanding is that, like last time, regular desktop applications (JARs, including those launched as part of a packaged APP bundle) will work fine.
     
  20. macrumors 68030

    Steve121178

    Joined:
    Apr 13, 2010
    Location:
    Bedfordshire, UK
    #20
    I feel your pain! This is totally and utterly unprofessional. Apple must stop playing 'God' by interfering like this.

    Microsoft realise that doing stuff like this can cripple businesses, that's why they issue security bulletins and put the onus on users/Administrators to call the shots.
     
  21. macrumors 6502

    NYmacAttack

    Joined:
    Dec 8, 2005
    Location:
    NY
    #21
    Also would like to know. Tried Firefox with no success.:confused:
     
  22. macrumors 6502a

    Joined:
    Jul 29, 2007
    #22
    What could the risk be using Java to access your bank account?
     
  23. macrumors 68030

    yusukeaoki

    Joined:
    Mar 22, 2011
    Location:
    Tokyo, Japan
    #23
    Already disabled Java days ago.
    Never missed it and never will.
     
  24. macrumors member

    Joined:
    Jun 18, 2007
    Location:
    Leeds, UK
    #24
    Thats not true. If you use a java web start application it wont launch. Even using Firefox.

    You may be able to reconfigure the app somehow to not use safari to launch. Should I really be expected to to that?
     
  25. macrumors regular

    Joined:
    Jul 11, 2008
    #25
    Do you have even the tiniest shred of evidence that the current vulnerability is being exploited in the wild, by reputable sites, with a payload that isn't aimed purely at windows machines?

    If you do, let me know, and I'll be sure not to click the 'are you sure' dialogue box that I wouldn't click anyway.
     

Share This Page