Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

Apple Again Blocks Older Versions of Java Over Vulnerability

MacRumors

macrumors bot
Original poster
Apr 12, 2001
51,578
13,194



Apple has again remotely blocked some versions of Oracle's Java browser plugin because of vulnerabilities according to 9to5Mac.

The blockage, which was announced internally to AppleCare and Apple Retail employees, is because of an "unspecified vulnerability" and Apple has blocked Java 6 versions below update 51, and Java 7 versions below update 25.

At the beginning of this year, Apple blocked Java plug-ins in Safari several times because of unfixed vulnerabilities. Oracle has typically updated Java fairly quickly to remedy the vulnerabilities.

Users are strongly advised to ensure they have the latest versions of Java.

Article Link: Apple Again Blocks Older Versions of Java Over Vulnerability
 

Nermal

Moderator
Staff member
Dec 7, 2002
19,027
1,488
New Zealand
Since the article doesn't mention it... update 25 is the current version so unlike one of Apple's earlier blocks, this one already has a fix available.
 
Comment

MvdM

macrumors 6502
Apr 27, 2005
341
619
HOW does Apple block something that is already on your computer?
 
Comment

H2SO4

macrumors 601
Nov 4, 2008
4,739
5,864
I find it odd how they've reacted to this so fast but have dragged their heels on the core text exploit that they've known about for ages.
 
Comment

Bitmin1991

macrumors member
Aug 25, 2013
32
0
What do you mean? I have the Java 7 RE installed, that's the same thing right?

Nope. If you install Ubuntu via VirtualBox then install Java onto that virtual machine, then that Java instsll doesn't touch OS X. If anything happens then all you need to do is delete that virtual machine and start anew.
 
Comment

baryon

macrumors 68040
Oct 3, 2009
3,613
1,985
I have the latest version of Java yet it hasn't worked for about 4 months. Websites just say I don't have Java installed, when in fact I do. It's enabled in Safari and all. Anyone have an idea of what's going on?
 
Comment

Mr. Retrofire

macrumors 603
Mar 2, 2010
5,042
473
www.emiliana.cl/en
Comment

subsonix

macrumors 68040
Feb 2, 2008
3,551
79
Nope. If you install Ubuntu via VirtualBox then install Java onto that virtual machine, then that Java instsll doesn't touch OS X. If anything happens then all you need to do is delete that virtual machine and start anew.

The problem here is the browser plugin though, an applet can be run by any website. Using the Java environment on your local machine, runs local code.
 
Comment

Weaselboy

Moderator
Staff member
Jan 23, 2005
31,305
11,016
California
I think the question is whether it requires an update to run or if this is something Apple silently pushes down like how it updates the panel on an Apple TV with new icons.

It is done in the background with an update to the below XProtect plist file.

Code:
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist
 
Comment

vmachiel

macrumors 68000
Feb 15, 2011
1,746
1,298
Holland
Nope. If you install Ubuntu via VirtualBox then install Java onto that virtual machine, then that Java instsll doesn't touch OS X. If anything happens then all you need to do is delete that virtual machine and start anew.

I see. Well, I'd like to run a minecraft server on my mac, so i'll leave it in os x then.
 
Comment

scbn

macrumors 6502
Jul 25, 2010
272
22
Java has become a pain... like all the Adobe products now, you have to update almost every week (sometimes more than once a week).
 
Comment

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,388
19,428
Java has become a pain... like all the Adobe products now, you have to update almost every week (sometimes more than once a week).
Yup, like the last update for Java was just yesterday...over 2 months ago (and the last Adobe Reader update was months ago). ;)
 
Comment

phoenixsan

macrumors 65816
Oct 19, 2012
1,342
2
The fact about.....

all the vulnerabilities, malware and things like this shows to me some things:

1-Apple hardware and software comes back to interest
2- No more about 100% truth on the old "Apple computers dont get viruses or not are being attacked"
3-The need for safe computer practices, not only on bussiness, enterprise or goverment enviroments, but also in family and personal venues.....


:):apple:
 
Comment

iDuel

macrumors 6502a
Jul 20, 2011
775
97
Greece/USA
all the vulnerabilities, malware and things like this shows to me some things:

1-Apple hardware and software comes back to interest
2- No more about 100% truth on the old "Apple computers dont get viruses or not are being attacked"
3-The need for safe computer practices, not only on bussiness, enterprise or goverment enviroments, but also in family and personal venues.....


:):apple:

Correct me if I am wrong, but this Java vulnerability has nothing to do with the OS, as this probably exists on Windows too. It's not a case of Apple software, as Apple doesn't develop Java, they cannot make sure that it is 100% solid.

Apple could make a solid OS, and someone could still install a version of Adobe Flash, Java, Silverlight, etc. that has a known vulnerability and take advantage of the permissions it obtains.

I'm not saying that we shouldn't take responsibility for our computer's security, it's just that you are barking up the wrong tree in this case.
 
Comment

phoenixsan

macrumors 65816
Oct 19, 2012
1,342
2
Barking?....

Correct me if I am wrong, but this Java vulnerability has nothing to do with the OS, as this probably exists on Windows too. It's not a case of Apple software, as Apple doesn't develop Java, they cannot make sure that it is 100% solid.

Apple could make a solid OS, and someone could still install a version of Adobe Flash, Java, Silverlight, etc. that has a known vulnerability and take advantage of the permissions it obtains.

I'm not saying that we shouldn't take responsibility for our computer's security, it's just that you are barking up the wrong tree in this case.

I am not a dog, pal......And the thing is, the exploit become famous in Mac OS. No doubt by the delayed update of Java by the Apple people....
 
Comment

iDuel

macrumors 6502a
Jul 20, 2011
775
97
Greece/USA
I am not a dog, pal......And the thing is, the exploit become famous in Mac OS. No doubt by the delayed update of Java by the Apple people....

I'm sorry if you were offended by a figure of speech, but that isn't the point. By your post, it seemed that you were blaming Apple for the vulnerability, yet Apple is not Oracle, so there wasn't a single thing Apple could have done to prevent this.

Apple did what they could do in this case by blocking the older, more vulnerable versions.
 
Comment

phoenixsan

macrumors 65816
Oct 19, 2012
1,342
2
I'm sorry if you were offended by a figure of speech, but that isn't the point. By your post, it seemed that you were blaming Apple for the vulnerability, yet Apple is not Oracle, so there wasn't a single thing Apple could have done to prevent this.

Apple did what they could do in this case by blocking the older, more vulnerable versions.

Apple lags behind Oracle official releases....That is a fact and a decision by Apple....No figure of speech or fanboyness....


:):apple:
 
Comment

chrfr

macrumors G4
Jul 11, 2009
10,715
4,308
Apple lags behind Oracle official releases.

That wasn't the case for the most recent Java updates. Presumably Apple has figured out that it's a big problem for them to be so late with the patch releases.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.