Apple Once Again Blocks Java 7 Web Plug-in

Discussion in ' News Discussion' started by MacRumors, Jan 31, 2013.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Earlier this month, Apple took the unusual step of remotely blocking Oracle's Java 7 browser plug-in due to a major security vulnerability, using the "Xprotect" anti-malware system built into OS X to enforce a minimum version number that had yet to be released. Within days, Oracle updated Java to address the issue, with the new version number making the Java plug-in usable on OS X systems once more.

    As noted by French site MacGeneration [Google translation] and the Apple discussion forums, Apple has once again blocked the Java 7 plug-in using Xprotect.

    The updated blacklist enforces a minimum Java plug-in version of 1.7.0_11-b22, while the latest version of the plug-in is 1.7.0_11-b21.

    The exact reason for Apple's renewed block on the Java plug-in is unknown although reports immediately following the release of Update 11 earlier this month indicated that it fixed only one of the two bugs that contributed to the security vulnerability. In the wake of that news, cybersecurity officials recommended that most users disable Java even with the up-to-date plug-in installed.
    If this continued issue is indeed the reason for the new block by Apple, it is unclear why the company waited several weeks to update its plug-in blacklist.

    Article Link: Apple Once Again Blocks Java 7 Web Plug-in
  2. FakeWozniak macrumors 6502


    Nov 8, 2007
    It would be nice to know WHY stuff stops working.

    Does anyone know how to see what is added regularly from Apple? I don't really feel like monitoring the blacklist file. I suppose the people who write the malware do though :-(

    I use a Java based 'meeting' program from work and I don't know if it is the program or Java or the network...

    Anyone know if Flash is in blacklist file? :)
  3. notjustjay, Jan 31, 2013
    Last edited: Jan 31, 2013

    notjustjay macrumors 603


    Sep 19, 2003
    Canada, eh?
    I've had Java disabled in my browser for the last several years, and I don't miss it at all. I think in all that time I have re-enabled it maybe once because there was an applet I actually wanted to run.

    Just leave it turned off.

    Edit: OK, before you hit "reply" and rip into me saying "well, I'm glad that works for YOU, but what about...", please note that I've acknowledged this further in the thread, and I'm sorry if your business/bank/whatever forces you to use Java applets in your browser.
  4. Tiger8 macrumors 68020

    May 23, 2011
    Oracle bought all those companies and products that they have absolutely no clue how to support or further develop.

    I do work in two used-to-be-great enterprise software packages, both went downhill since the original company was bought by Oracle.
  5. ConCat macrumors 6502a


    Jul 27, 2012
    In an ethereal plane of existence.
    Some people actually need it in certain business environments. Apple really should quit doing this, and I mean now. If we want it disabled, we can disable it ourselves. How hard would it be to push the update to computers after Oracle updates Java with the security patch, not before?
  6. iphone495 macrumors member

    Sep 13, 2012
    The bad news never stops with Java. Not that I would use it anyways.
  7. Rocketman macrumors 603


    Java on 10.6 and before stopped working entirely. I have a standalone Java app I use on 10.4.11 and one day it just up and stopped working. Java says Apple is responsible for updating and of course Apple has not updated it either. This is a black hole because something that worked and was trusted by being rare and obscure, no longer works and I had no choice to "opt out."

    Unless someone here has a suggestion.

  8. AppleGuesser macrumors regular


    May 1, 2012
    Macon, GA
  9. vmachiel macrumors 68000

    Feb 15, 2011
    I only use Java for Minecraft. I've never used the browser plugin, i've had it disabled for about a year now.
  10. BornAgainMac macrumors 603


    Feb 4, 2004
    Florida Resident
    Java makes more sense on the server application and not as a client. I have had nothing but problems with Java applications after Java 7 came out. I even have applications that are not supported with later updates of Java 6 that are lower than other applications that need a higher update level.
  11. carl0sian macrumors regular

    Oct 30, 2011
    And the anti Apple comments will begin right about now...
  12. AndyUnderscoreR macrumors regular


    Jul 11, 2008
    How do I turn it back on?

    (oh, and spare me the preaching, I'm aware of the tiny theoretical risk involved, and it's massively outweighed by 100% chance of me not being able to use my computer to do most of the things I want to do today)

    I would have thought Apple would have learned from iOS Maps, iOS Youtube and iTunes 11 not to break stuff that was working until they had a replacement that was usable?
  13. DaveTheRave macrumors 6502a

    May 22, 2003
    I urgently need it now so I got it work using Firefox. Couldn't figure out a way to do it with Safari.
  14. jonatron macrumors member

    Jun 18, 2007
    Leeds, UK
    Classic if it doesnt affect me its not important.

    This has stopped by company from using its finance system and staff are currently sat around twiddling their thumbs. Plus it took me an entire morning to work out what the issue was as there was no notification from Apple.

    Thanks for your really useful advice!

    I re-iterate what some others have said. THIS IS NOT ACCEPTABLE BEHAVIOUR from Apple and they need to sort this out pronto.
  15. gazonk macrumors member

    Jan 1, 2009
    Tiny theoretical risk? Yes, if you don't visit web pages at all.
  16. jwkay macrumors regular


    Sep 6, 2004
    Bergen, Norway
    Java is essential for the joint Norwegian bank login system BankID. If Apple has disabled this without a way of switching it back on, we are all locked out of our bank accounts!
  17. AndyUnderscoreR macrumors regular


    Jul 11, 2008
  18. LlamaLarry macrumors member

    Oct 6, 2008
    Northern VA
    Pretty sure that if you just use any browser besides Safari and you're good to go.

    If your company really sat around twiddling their thumbs without trying another browser then you're likely exactly who Apple disallowed the Safari plugin for.
  19. RMo macrumors 65816


    Aug 7, 2007
    Iowa, USA
    Do you really do most of the work on your computer with Java plug-in applets? My understanding is that, like last time, regular desktop applications (JARs, including those launched as part of a packaged APP bundle) will work fine.
  20. Steve121178 macrumors 68040


    Apr 13, 2010
    Bedfordshire, UK
    I feel your pain! This is totally and utterly unprofessional. Apple must stop playing 'God' by interfering like this.

    Microsoft realise that doing stuff like this can cripple businesses, that's why they issue security bulletins and put the onus on users/Administrators to call the shots.
  21. NYmacAttack macrumors 6502


    Dec 8, 2005
    Also would like to know. Tried Firefox with no success.:confused:
  22. sectime macrumors 6502a

    Jul 29, 2007
    What could the risk be using Java to access your bank account?
  23. yusukeaoki macrumors 68030


    Mar 22, 2011
    Tokyo, Japan
    Already disabled Java days ago.
    Never missed it and never will.
  24. jonatron macrumors member

    Jun 18, 2007
    Leeds, UK
    Thats not true. If you use a java web start application it wont launch. Even using Firefox.

    You may be able to reconfigure the app somehow to not use safari to launch. Should I really be expected to to that?
  25. AndyUnderscoreR macrumors regular


    Jul 11, 2008
    Do you have even the tiniest shred of evidence that the current vulnerability is being exploited in the wild, by reputable sites, with a payload that isn't aimed purely at windows machines?

    If you do, let me know, and I'll be sure not to click the 'are you sure' dialogue box that I wouldn't click anyway.

Share This Page