Newly-Discovered Java 7 Security Vulnerability Poses Risks to Macs

BuffyzDead

macrumors regular
Dec 30, 2008
101
44
Just because you have Java installed on your machine for a certain piece of software doesn't necessarily make you vulnerable.

The vulnerabilities are coming from the web browser, where a web site will try to run bad java code that your browser allows. Simply disable Java in your web browser, or use an older version, and you're safe when you surf the web - despite some other software requiring Java to run.

(Note: JavaScript and Java are two different things)
Is this Factual?....Is Java and JavaScript the same thing?

Is this true that if you Disable JavaScript in your Browser, all is well ??
EVEN if you have Java 7 Update 6 Installed?

Firefox has a JavaScript setting.
Safari has a JavaScript AND Java setting?
 
Last edited:

50548

Guest
Apr 17, 2005
5,039
2
Currently in Switzerland
Cue "Java sucks, why does anyone even need Java" comments...
And why not? Java DOES suck and is ABSOLUTELY USELESS to 99% of ordinary users out there. Only the usual "pundits" infesting this forum (or those making money out of it) can say anything positive about it.

If you do NOT play stupid Minecraft on your Mac or use one of the few/legacy websites relying on Java, just forget about it - deactivate that crap and get on with your lives. O
 

bbeagle

macrumors 68040
Oct 19, 2010
3,379
2,615
Buffalo, NY
Is Java and JavaScript the same thing?

Is this true that if you Disable JavaScript in your Browser, all is well ??
EVEN if you have Java 7 Update 6 Installed?
http://en.wikipedia.org/wiki/JavaScript

The names JavaScript and Java are unfortunate. Originally, Netscape created a scripting language for browsers and called it LiveScript. The name was later changed to JavaScript. The final choice of name caused confusion, giving the impression that the language was a spin-off of the Java programming language, and the choice has been characterized by many as a marketing ploy by Netscape to give JavaScript the cachet of what was then the hot new web programming language, Java.

Java and JavaScript are NOT THE SAME and are NOT RELATED.

If you just disable JavaScript, you are still vulnerable. If you keep JavaScript active, but disable Java only then you are good.
 

50548

Guest
Apr 17, 2005
5,039
2
Currently in Switzerland
Is this Factual?....Is Java and JavaScript the same thing?

Is this true that if you Disable JavaScript in your Browser, all is well ??
EVEN if you have Java 7 Update 6 Installed?

Firefox has a JavaScript setting.
Safari has a JavaScript AND Java setting?
Javascript is NOT the same thing - just disable Java and you should be fine on Safari.
 

SlyMac

macrumors 6502
Jun 16, 2008
293
49
If you want to go the safe route and don't know already, use the following path to disable them completely.

Applications > Utilities > Java Preferences.app
 

derbothaus

macrumors 601
Jul 17, 2010
4,060
4
So this will affect .005% of user base that went to Java site to manually download an updated Java package. Interesting, yes. Something to worry about, no. Apple installs Java 6 when or if it is needed. (ie. Adobe, Lotus Notes, all kinds of crappy business and finance applications)
 

50548

Guest
Apr 17, 2005
5,039
2
Currently in Switzerland
If you want to go the safe route and don't know already, use the following path to disable them completely.

Applications > Utilities > Java Preferences.app
This doesn't work for Java 7...

----------

Added the bold just to clarify. :)

(No idea regarding the 99% but certainly client based Java is way less used vs server/Enterprise based Java...)
That's what I meant, of course - I couldn't care less about server-side Java.
 

yg17

macrumors G5
Aug 1, 2004
14,910
2,515
St. Louis, MO
And why not? Java DOES suck and is ABSOLUTELY USELESS to 99% of ordinary users out there. Only the usual "pundits" infesting this forum (or those making money out of it) can say anything positive about it.

If you do NOT play stupid Minecraft on your Mac or use one of the few/legacy websites relying on Java, just forget about it - deactivate that crap and get on with your lives. O

There's more to Java than Minecraft and some stupid worthless applets on a webpage. It's used a lot for server side development and is a fine programming language for it.
 

Mal

macrumors 603
Jan 6, 2002
6,251
17
Orlando
Using Software Update to install Java when prompted for it does not install Java 7. You have to manually go to the Oracle site and download the installer for Java 7.

That said, I manually did that back when it came out, but I also have Java disabled in the browser, so I know I'm not going to be affected by this issue. At most, maybe 20 people in the world are likely to be hit by this (they have to be paying enough attention to go get this update manually, but stupid enough to not have Java disabled in the browser, or use Click-To-Plugin to enable it only for trusted sites).

jW
 

itickings

macrumors 6502a
Apr 14, 2007
924
5
And why not? Java DOES suck and is ABSOLUTELY USELESS to 99% of ordinary users out there. Only the usual "pundits" infesting this forum (or those making money out of it) can say anything positive about it.

If you do NOT play stupid Minecraft on your Mac or use one of the few/legacy websites relying on Java, just forget about it - deactivate that crap and get on with your lives. O
Substitute "Java" for "XCode", replace "Minecraft" and "websites" with a couple of other examples, and your post would still make the same amount of sense. You seem to be confusing "I don't use/need/understand it" with "It is crap".

As for 99% of ordinary users ... Java is not installed per default anymore, so we are gradually approaching a situation where only those who have had any use for Java have it installed. What's the problem?

Nice work BTW, combining made up statistics with a case of No true Scotsman. :p
 

50548

Guest
Apr 17, 2005
5,039
2
Currently in Switzerland
Substitute "Java" for "XCode", replace "Minecraft" and "websites" with a couple of other examples, and your post would still make the same amount of sense. You seem to be confusing "I don't use/need/understand it" with "It is crap".

As for 99% of ordinary users ... Java is not installed per default anymore, so we are gradually approaching a situation where only those who have had any use for Java have it installed. What's the problem?

Nice work BTW, combining made up statistics with a case of No true Scotsman. :p
Again, you probably don't know the difference between server-side and client-side Java.

99% of users do NOT need Java activated on their computers/browsers; therefore, they do not need to face such stupid risks arising out of a flawed piece of software. Is this so difficult to understand?
 

r.harris1

macrumors 6502a
Feb 20, 2012
817
868
Denver, Colorado, USA
And why not? Java DOES suck and is ABSOLUTELY USELESS to 99% of ordinary users out there. Only the usual "pundits" infesting this forum (or those making money out of it) can say anything positive about it.

If you do NOT play stupid Minecraft on your Mac or use one of the few/legacy websites relying on Java, just forget about it - deactivate that crap and get on with your lives. O
Why do you persist in making such uninformed, inflammatory statements? It adds nothing of value to the discussion. Lots of different types of people "infest" this forum, by the way. For instance, there are people who understand what Java is and how it is used and people who don't.

If you don't understand it, no problem, I don't understand a lot of things either. When I don't, I either go learn about it in depth if I'm interested, or get the gist of it from people who do, make an informed decision and, as you say, get on with my life. What I don't do is tell people what they should do if it's a topic I don't understand.

You know what? I don't disagree that many people could get away with disabling Java in their browser, but telling people it's "crap", while colorful, isn't useful to anyone.
 

50548

Guest
Apr 17, 2005
5,039
2
Currently in Switzerland
Why do you persist in making such uninformed, inflammatory statements? It adds nothing of value to the discussion. Lots of different types of people "infest" this forum, by the way. For instance, there are people who understand what Java is and how it is used and people who don't.

If you don't understand it, no problem, I don't understand a lot of things either. When I don't, I either go learn about it in depth if I'm interested, or get the gist of it from people who do, make an informed decision and, as you say, get on with my life. What I don't do is tell people what they should do if it's a topic I don't understand.

You know what? I don't disagree that many people could get away with disabling Java in their browser, but telling people it's "crap", while colorful, isn't useful to anyone.
Of course it is useful - if it's crap, you don't need it activated, unless you play a handful of Java games or are required by a few legacy websites to use it. Understand now?

There is nothing inflammatory in speaking the truth. Client-side Java is crap, virtually useless and a threat to your computer's security. If you don't like it, feel free to avoid such threads. I just can't stand LIES when people come here and say Java is "so important" and essential to an end user's experience.
 

Swift

macrumors 68000
Feb 18, 2003
1,728
897
Los Angeles
Security of secondary code matrices

Is Java like Flash™, a browser plug-in that is a profound source of security problems because it leaks info from the browser, the OS and the core code, because Flash only becomes decently fast when it accesses the GPU and the CPU directly?

It's looking that way to me. Java: a good solution for the 1980s. 20 years later? More cruft.
 

derbothaus

macrumors 601
Jul 17, 2010
4,060
4
Is Java like Flash™, a browser plug-in that is a profound source of security problems because it leaks info from the browser, the OS and the core code, because Flash only becomes decently fast when it accesses the GPU and the CPU directly?
No.
 

r.harris1

macrumors 6502a
Feb 20, 2012
817
868
Denver, Colorado, USA
Of course it is useful - if it's crap, you don't need it activated, unless you play a handful of Java games or are required by a few legacy websites to use it. Understand now?

There is nothing inflammatory in speaking the truth. Client-side Java is crap, virtually useless and a threat to your computer's security. If you don't like it, feel free to avoid such threads. I just can't stand LIES when people come here and say Java is "so important" and essential to an end user's experience.
Golly. Now I understand! Your eloquence and command of argument and language has convinced me. From now on, I'm sure those of us with Java experience infesting these Java threads will be sure to leave it to you to lead the way. :rolleyes:
 

D.T.

macrumors G3
Sep 15, 2011
9,594
7,872
Vilano Beach, FL
Golly. Now I understand! Your eloquence and command of argument and language has convinced me. From now on, I'm sure those of us with Java experience infesting these Java threads will be sure to leave it to you to lead the way. :rolleyes:
I closed Netbeans and fell into a fetal position on the ground ...
 

itickings

macrumors 6502a
Apr 14, 2007
924
5
Again, you probably don't know the difference between server-side and client-side Java.

99% of users do NOT need Java activated on their computers/browsers; therefore, they do not need to face such stupid risks arising out of a flawed piece of software. Is this so difficult to understand?
Are you sure you quoted the correct post, or were you just blindly raging?

I perfectly well know the difference between server-side and client-side Java. And if you were wondering, I also know the difference between a Java runtime and a Java SDK. The comparison with Xcode was to point out that the reasoning in your post had more or less nothing at all to do with Java and could be applied to anything you don't understand or need.

Seriously, you are making the 99% number up. The fact that you could arbitrarily define your ordinary users to match does not make it right.
 

rmwebs

macrumors 68040
Apr 6, 2007
3,140
0
I guess this is one of the odd occasions where being out of date is a plus, given that no Mac's ship with Java 7 yet.

Thanks Apple/Oracle for your inability to release software updates in a timely manor :)