Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

ArtOfWarfare

macrumors G3
Original poster
Nov 26, 2007
9,699
6,268
Java popped up and said a new version was available... I don't know what the major number was, but the minor number was 51, as I recall.

I gave it the okay. A few seconds later it popped up a message, "This update is locked by a password" with a text field labeled "Password". This wasn't the typical OS X password window. It didn't even specify which password it wanted (user, admin, root... or perhaps some password to a file or something?) I left the field blank and just hit "Unlock".

Since hitting that unlock button about 10 minutes ago, it's been saying it's "Extracting update..." with an indeterminate progress bar below it. I feel like it should have failed by now if it was a legitimate update. I googled around for anyone else mentioning the window... all that came up was a discussion six years old about how an old version of Sparkle (an application framework for making it easy for developers to have their apps autoupdate) would ask for your password if it failed to mount a DMG or something like that.

I'm wondering... is this some kind of trojan? I have no idea how I would have gotten it, given I have Click to Plugin installed in Safari, which is up to date and the only browser I use on this computer. I suppose I just downloaded Paint Code yesterday... I can't think of anything else I've really done with this computer recently.

(It's still behaving exactly the same... it's now been at it for 15 minutes.)
 
So you want to know if an update that you don't know to a Java version that you don't know is legitimate? I don't know.
 
I also encountered the same problem with the update is locked with a password.

I cancelled it and it stay running for a few minutes until I quit it using activity monitor.

I searched online and found this forum post & retried to upgrade again via system preference -> Java -> upgrade

This time there's no password requirement.

Hmmmm Maybe the upgrade is password locked previously internally and pushed the update too quickly and discovered the mistake and updated the file with one that does not need a password to "extract".

Got a feeling someone password locked a compress file accidentally, compression is required to save on bandwidth I guess. :D
 
Exactly the same issue....

I searched online and found this forum post & retried to upgrade again via system preference -> Java -> upgrade

This seems to work.
 
I eventually quit it last night. Tonight, it tried updating again. This time, the password window was the proper OS X password window and it said something about trying to install an update helper tool or something. I gave it my password and it updated fine.

According to wikipedia, Java 7 update 51 (the version that just installed - the same version I mentioned in my opening post) is the latest version and was released yesterday.
 
I wrote Oracle/Java.

http://bugreport.sun.com/bugreport/main.jsp

^ Bottom: "Report an issue".

I wish/hope this is something that just looks suspicious but isn't - although my inituition tells me otherwise - and I promised to listen to my inituition more (after not listening had amazing backfiring consequences for me)!

I'm currently scanning my system with ClamXav - afterwards I will try Bitdefender.

If someone has more suggestions please step up.
 
Last edited:
There is no evidence at all of anything behaving like a trojan.
The fact that apps may not follow Apple's requirements to get a password doesn't mean they are malware.
Get the process name of this updater. Locate it, and perhaps update here.
 
I would expect any upgrade to include the request for an administrative password before it will install.

I recently installed both the flash and java updaters, and both required passwords to modify the existing software. Quite normal.
 
You're misrepresenting the story of the OP

I would expect any upgrade to include the request for an administrative password before it will install.

I recently installed both the flash and java updaters, and both required passwords to modify the existing software. Quite normal.

You're misrepresenting the story of the OP, who got a non-standard (for OS X) dialog stating the update itself was "locked" with a password.

I got it too just now.
 
If anyone ever sees this dialog again - please link/attach a screenshot!

The more screenshots the better.

And a

"ps aux" output (Terminal command) of the active Java application/update would be handy as well.
 
2694811ffa0afe27091e2d329238a95c.png


Excuse the blurriness since I was updating a headless off-site mac.

If anyone ever sees this dialog again - please link/attach a screenshot!

The more screenshots the better.

And a

"ps aux" output (Terminal command) of the active Java application/update would be handy as well.
 
Fix: Download Java Installer from java.com

This worked for me!
skitch.png
 
Last edited by a moderator:
Java update asked for password?

Weird behaviour this. I have had the same issue with the update to the previous version 7.45. I was unable to find any solution or hint so resorted to the manual installation from http://java.com/en/download/mac_download.jsp. This installed the update without prompting for an unlock code, purely prompting for the system password as expected. Hopefully someone at Apple / Oracle gets to fixing this.
 
Screenshot And One Explanation

Just curious... of the people that experienced this problem... were they on corporate networks?

I saw the same thing at my company and it turned out to be caused by some network security equipment that was virus scanning traffic as it came into the network. Something it didn't like about .DMG files.
 

Attachments

  • Java7u45_LockedPassword.png
    Java7u45_LockedPassword.png
    23.2 KB · Views: 997
Known issue, apparently

I encountered the same issue today and found this thread after a Google search.

The Oracle release notes for 1.7.0_51 include this item:

Area: install/install
Synopsis: [macosx] Scheduled AU - cannot auto update on Mac 10.9

On Mac OS 10.9, when a scheduled Java (auto) update is initiated, the installer may become unresponsive.

The following workarounds should be performed by users facing this issue:

Manually install the updated pkg from java.com
Trigger an update through the Java Control Panel

This seems to confirm the various suggestions posted above.
 
Java update on mavericks

Hi,
as long as I have been using JAVA 7, I always first moved the old version
to the Trash and then installed the new version without a problem.
First thing I do after installation is to disable the [v] update option.

By the way, there are many other software products that do not update
properly, also on LINUX and MSWindows.
Especially on OSX with its easy uninstall/install nature, just do not update!
Your preferences are under /Users/<you>, so those are always retained.
;JOOP!
 
Hi,
as long as I have been using JAVA 7, I always first moved the old version
to the Trash and then installed the new version without a problem.
First thing I do after installation is to disable the [v] update option.

By the way, there are many other software products that do not update
properly, also on LINUX and MSWindows.
Especially on OSX with its easy uninstall/install nature, just do not update!
Your preferences are under /Users/<you>, so those are always retained.
;JOOP!

Then to do that you would go to Java preferences and uncheck the check for updates automatically checkbox, am I correct in this?
 
Is it "Java 7 Update 51" the new update? If then, it seems like it has been silently updated in the background for me.
 
JDK 7 u 55: "This update is locked with a password."

It is unfortunate that some vendors push bad security practices.

The JDK 7 update 55 is showing "This update is locked with a password." popup.

It is obvious that you would not give your password to any stranger asking it on the street, and this prompt is no different from a stranger. You have no way of telling where that password will be used.

It is a good practice to use system services for transparent and trusted way to ask for additional privileges. This update clearly violates this principle.

Below is a screenshot displaying the popup along with plausible ps axu listing showing that it might indeed be Oracle's update prompting for some password.

Shame on Oracle for making phishing user credentials one step easier.

https://www.dropbox.com/s/znoavsap0dv9ruw/Screenshot%202014-04-22%2019.15.53.png
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.