Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
56,611
19,359



java.png
Apple has again remotely blocked some versions of Oracle's Java browser plugin because of vulnerabilities according to 9to5Mac.

The blockage, which was announced internally to AppleCare and Apple Retail employees, is because of an "unspecified vulnerability" and Apple has blocked Java 6 versions below update 51, and Java 7 versions below update 25.

At the beginning of this year, Apple blocked Java plug-ins in Safari several times because of unfixed vulnerabilities. Oracle has typically updated Java fairly quickly to remedy the vulnerabilities.

Users are strongly advised to ensure they have the latest versions of Java.

Article Link: Apple Again Blocks Older Versions of Java Over Vulnerability
 

Nermal

Moderator
Staff member
Dec 7, 2002
19,476
2,085
New Zealand
Since the article doesn't mention it... update 25 is the current version so unlike one of Apple's earlier blocks, this one already has a fix available.
 

H2SO4

macrumors 603
Nov 4, 2008
5,104
6,349
I find it odd how they've reacted to this so fast but have dragged their heels on the core text exploit that they've known about for ages.
 

Bitmin1991

macrumors member
Aug 25, 2013
32
0
What do you mean? I have the Java 7 RE installed, that's the same thing right?

Nope. If you install Ubuntu via VirtualBox then install Java onto that virtual machine, then that Java instsll doesn't touch OS X. If anything happens then all you need to do is delete that virtual machine and start anew.
 

baryon

macrumors 68040
Oct 3, 2009
3,732
2,424
I have the latest version of Java yet it hasn't worked for about 4 months. Websites just say I don't have Java installed, when in fact I do. It's enabled in Safari and all. Anyone have an idea of what's going on?
 

Mr. Retrofire

macrumors 603
Mar 2, 2010
5,049
493
www.emiliana.cl/en

subsonix

macrumors 68040
Feb 2, 2008
3,551
79
Nope. If you install Ubuntu via VirtualBox then install Java onto that virtual machine, then that Java instsll doesn't touch OS X. If anything happens then all you need to do is delete that virtual machine and start anew.

The problem here is the browser plugin though, an applet can be run by any website. Using the Java environment on your local machine, runs local code.
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
32,555
12,386
California
I think the question is whether it requires an update to run or if this is something Apple silently pushes down like how it updates the panel on an Apple TV with new icons.

It is done in the background with an update to the below XProtect plist file.

Code:
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist
 

vmachiel

macrumors 68000
Feb 15, 2011
1,750
1,306
Holland
Nope. If you install Ubuntu via VirtualBox then install Java onto that virtual machine, then that Java instsll doesn't touch OS X. If anything happens then all you need to do is delete that virtual machine and start anew.

I see. Well, I'd like to run a minecraft server on my mac, so i'll leave it in os x then.
 

scbn

macrumors 6502
Jul 25, 2010
272
22
Java has become a pain... like all the Adobe products now, you have to update almost every week (sometimes more than once a week).
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,388
19,453
Java has become a pain... like all the Adobe products now, you have to update almost every week (sometimes more than once a week).
Yup, like the last update for Java was just yesterday...over 2 months ago (and the last Adobe Reader update was months ago). ;)
 

phoenixsan

macrumors 65816
Oct 19, 2012
1,342
2
The fact about.....

all the vulnerabilities, malware and things like this shows to me some things:

1-Apple hardware and software comes back to interest
2- No more about 100% truth on the old "Apple computers dont get viruses or not are being attacked"
3-The need for safe computer practices, not only on bussiness, enterprise or goverment enviroments, but also in family and personal venues.....


:):apple:
 

iDuel

macrumors 6502a
Jul 20, 2011
775
97
Greece/USA
all the vulnerabilities, malware and things like this shows to me some things:

1-Apple hardware and software comes back to interest
2- No more about 100% truth on the old "Apple computers dont get viruses or not are being attacked"
3-The need for safe computer practices, not only on bussiness, enterprise or goverment enviroments, but also in family and personal venues.....


:):apple:

Correct me if I am wrong, but this Java vulnerability has nothing to do with the OS, as this probably exists on Windows too. It's not a case of Apple software, as Apple doesn't develop Java, they cannot make sure that it is 100% solid.

Apple could make a solid OS, and someone could still install a version of Adobe Flash, Java, Silverlight, etc. that has a known vulnerability and take advantage of the permissions it obtains.

I'm not saying that we shouldn't take responsibility for our computer's security, it's just that you are barking up the wrong tree in this case.
 

phoenixsan

macrumors 65816
Oct 19, 2012
1,342
2
Barking?....

Correct me if I am wrong, but this Java vulnerability has nothing to do with the OS, as this probably exists on Windows too. It's not a case of Apple software, as Apple doesn't develop Java, they cannot make sure that it is 100% solid.

Apple could make a solid OS, and someone could still install a version of Adobe Flash, Java, Silverlight, etc. that has a known vulnerability and take advantage of the permissions it obtains.

I'm not saying that we shouldn't take responsibility for our computer's security, it's just that you are barking up the wrong tree in this case.

I am not a dog, pal......And the thing is, the exploit become famous in Mac OS. No doubt by the delayed update of Java by the Apple people....
 

iDuel

macrumors 6502a
Jul 20, 2011
775
97
Greece/USA
I am not a dog, pal......And the thing is, the exploit become famous in Mac OS. No doubt by the delayed update of Java by the Apple people....

I'm sorry if you were offended by a figure of speech, but that isn't the point. By your post, it seemed that you were blaming Apple for the vulnerability, yet Apple is not Oracle, so there wasn't a single thing Apple could have done to prevent this.

Apple did what they could do in this case by blocking the older, more vulnerable versions.
 

phoenixsan

macrumors 65816
Oct 19, 2012
1,342
2
I'm sorry if you were offended by a figure of speech, but that isn't the point. By your post, it seemed that you were blaming Apple for the vulnerability, yet Apple is not Oracle, so there wasn't a single thing Apple could have done to prevent this.

Apple did what they could do in this case by blocking the older, more vulnerable versions.

Apple lags behind Oracle official releases....That is a fact and a decision by Apple....No figure of speech or fanboyness....


:):apple:
 

chrfr

macrumors G4
Jul 11, 2009
11,536
5,091
Apple lags behind Oracle official releases.

That wasn't the case for the most recent Java updates. Presumably Apple has figured out that it's a big problem for them to be so late with the patch releases.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.