Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

macOS Java Question for fellow Programmers

Pentad

Pentad

macrumors 6502a
Original poster
Nov 26, 2003
986
99
Indiana
Greetings,

I am working on a Java project on my MBP but I am growing more and more concerned with Java on the Mac and especially the security updates that seem to be lagging behind in Java for OS X.

I saw this today and I am wondering about these updates for OS X??

How are you folks -the other Java developers- dealing with this? I am considering moving to Eclipse for Windows via my VMWare but I have to tell you if this keeps up I'm not sure that I actually need a MBP anymore.

When Apple dropped their deprecated Java Update late last year I was afraid security updates would fall even further behind than they had in the past. Now, I'm not even sure we'll get these security updates...

-P
 
Every browser has the ability to disable Java, usually with a simple checkbox.
So disable Java in your browser.
Problem solved.

After it's disabled in your browser, there is no longer any attack surface exposed by Java that isn't also exposed by other means. There are no daemons, services, etc. of any kind (as far as I know) that run in the background and rely on the JVM. None of the controllable services in System Preferences Sharing pane use Java at all.

Java is still available at the command-line, but so are numerous other attack vectors, such as perl, python, shell, etc. If someone's going to attack an exploitable weakness, writing Java code in the exploit seems less likely than many others. If there's an exploitable weakness in some other service (i.e. an exploit that can be made to run externally supplied code), then firing up the JVM in the exploit is one of the harder ways of doing it.

If you need to run Java in your browser for some reason, then create a non-admin account and enable it only there. Only use that browser for the few places you need browser-based Java, and only for those sites that are actually trustworthy.

Finally, Apple has a pre-release update of Java:
http://lists.apple.com/archives/java-dev/2011/Feb/msg00068.html
 
Last edited:
Pentad said:
Greetings,

I am working on a Java project on my MBP but I am growing more and more concerned with Java on the Mac and especially the security updates that seem to be lagging behind in Java for OS X.

I saw this today and I am wondering about these updates for OS X??

How are you folks -the other Java developers- dealing with this? I am considering moving to Eclipse for Windows via my VMWare but I have to tell you if this keeps up I'm not sure that I actually need a MBP anymore.

When Apple dropped their deprecated Java Update late last year I was afraid security updates would fall even further behind than they had in the past. Now, I'm not even sure we'll get these security updates...

-P
Click to expand...

I've been programming Java on Windows (primarily) and Linux for the past 10 years (the previous 12 years were all C/C++ and other technologies now dead) and now switching to Macintosh finally. Oracle/Sun will take care to keep Java alive and well for a long time. IMO, what I see in the enterprise, its the same old religious battle between dreaded Microsoft and entrepreneurial Apple. I used to program Macs way back in their hay-day (OS 4, 5, 6) and am very excited to use Eclipse on Mac with Apache/Tomcat, Spring, Hibernate, etc.

So, I'm betting the farm on Apple and Java support being around for a long time.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back