Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
65,279
33,553



java.png
Apple today released updated versions of Java 6 for OS X, bringing additional improvements to security, reliability, and compatibility. This is a standard update to Java 6, which is distributed by Apple. Java 7 is available through Oracle.
Java for OS X 2013-005 delivers improved security, reliability, and compatibility for Java SE 6. Java for OS X 2013-005 supersedes all previous versions of Java for OS X.

This release updates the Apple-provided system Java SE 6 to version 1.6.0_65 and is for OS X versions 10.7 or later.

This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled "Missing plug-in" to go download the latest version of the Java applet plug-in from Oracle.
There are separate updates available for both OS X Snow Leopard and OS X Lion/Mountain Lion, which can be downloaded through the Mac App Store or from Apple's software download site.

On its support page that explains the software update, Apple notes that multiple vulnerabilities in the previous version of Java were repaired.
Description: Multiple vulnerabilities existed in Java 1.6.0_51, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_65.
Apple has also released new printer drivers for HP and Canon printers.

Article Link: Apple Releases New Java 6 Updates With Enhanced Security, Uninstalls Apple-Provided Java Applet Plug-in
 

Makosuke

macrumors 604
Aug 15, 2001
6,728
1,367
The Cool Part of CA, USA
To my knowledge there has never been a situation where a software update removing an existing feature was such a positive thing for the world at large.

Pulling the plug on the default plug-in and forcing people who really want it to go and get it from Oracle is very good security news. One hopes (and expects) that the majority of everyday users won't ever bother downloading the plugin from Oracle, which will effectively close the gaping hole Java left in the browser.
 

dempson

macrumors regular
Jun 10, 2007
117
14
Wellington, New Zealand
Why not simply move to Java 7? Having two separate versions installed seems archaic.

I gather some Java apps have compatibility issues which prevent them working with Java 7, so Java 6 is still needed in some cases.

A second reason is that Java 7 requires Lion or later, and Apple is still providing Java 6 updates for Snow Leopard. If Apple is doing Java 6 updates for Snow Leopard anyway, it is probably only a small amount of additional work to distribute them for Lion and Mountain Lion.

Oracle stopped doing public releases of Java 6 updates (e.g. for Windows) early this year - their last public version is 1.6.0_45, but Apple has subsequently released 1.6.0_51 and now 1.6.0_65. I expect Oracle are still releasing Java 6 updates to those who are paying for support, and their agreement allows Apple to release those updates to Mac users.

Once Apple stops releasing new security updates for Snow Leopard (likely to be before the end of this year), they would probably also stop updating Java 6 for Snow Leopard, and that might mean they stop updating Java 6 for Lion and later.
 
Last edited:

Rocketman

macrumors 603
Really. How hard would it be for Apple to compile a version for the last 5 or so major OS releases so older devices that were recently DISABLED by Apple can simply be re-enabled to shipping capacity. I had a Java app which was mission critical simply stop working on OSX 10.4.11 which is very widely deployed.

/ valid complaint /

And, yes, I have modern computers too. :D
 

djtech42

macrumors 65816
Jun 23, 2012
1,451
64
Mason, OH
The Java web plugin is probably the biggest security threat to OS X. It's best if we try to move away from having to use these Java applets.
 

9000

macrumors 6502a
Sep 29, 2013
519
0
Hyrule
Why not simply move to Java 7? Having two separate versions installed seems archaic.

Big compatibility issues with some things. I've been sticking with 6 because 7 was causing problems.

----------

"This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled "Missing plug-in" to go download the latest version of the Java applet plug-in from Oracle."

Well that's annoying. I don't even care and don't bother to install these updates that go around disabling my plugins. I remember when you used to be able to use Java on a site without pressing "allow" on 5 different windows that pop up sporadically.

----------

Poor Java is getting a bad name. The security issues are specific to the Java browser plug-in. Java as a language is fine.

It's not fine once you're running its "compiled" code. Total RAM hog. It's also really tough to make any GUI look good with Java. Sure, it's good for TD Ameritrade's online tools...

----------

Really. How hard would it be for Apple to compile a version for the last 5 or so major OS releases so older devices that were recently DISABLED by Apple can simply be re-enabled to shipping capacity. I had a Java app which was mission critical simply stop working on OSX 10.4.11 which is very widely deployed.

/ valid complaint /

And, yes, I have modern computers too. :D

You mean that the security update on Tiger machines disabled Java and didn't let you use it at all?
 

JLL

macrumors regular
Apr 25, 2003
214
164
Copenhagen, Denmark
Why do we have to have the same article every time?

The removal of the plug-in was introduced in October 2012 when Java 1.6.0_37 was released, and there have been many updates in the last year.

Apple is just reusing the text in the KB and there is nothing new with regards to the plug-in in this update.
 

ohbrilliance

macrumors 65816
May 15, 2007
1,011
356
Melbourne, Australia
It's not fine once you're running its "compiled" code. Total RAM hog. It's also really tough to make any GUI look good with Java. Sure, it's good for TD Ameritrade's online tools...

I meant it's fine in terms of security. The merits of Java as a language belong in another discussion.
 

TsMkLg068426

macrumors 68000
Mar 31, 2009
1,505
344
I removed Java on my Mac OS 10.8.5 a while ago I felt there was no use to it and always a problem plus how many sites still use Java?
 

DOSNET

macrumors member
Aug 21, 2013
58
0
I removed Java on my Mac OS 10.8.5 a while ago I felt there was no use to it and always a problem plus how many sites still use Java?

Java, like Flash, was primarily used when the internet couldn't do a whole lot on its own. HTML5 and modern JavaScript has made the two mostly obsolete. However, offline Java still has its uses. It's one of many ways to produce cross-platform code. There are more native alternatives such as Qt and WXWidgets that don't come with the performance penalties of Java though, so even that advantage isn't as strong as it once was.
 

RayK

macrumors 6502
Oct 13, 2005
345
15
Also, the new release doesn't appear to disable it if you have already gone to the trouble to reenable it via the command line instructions I posted a bit earlier.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.