MacNN Forums (
-   Mac News (
-   -   Apple adds site-specific controls to Java, updates Safari (

NewsPoster Apr 16, 2013 08:00 PM
Apple adds site-specific controls to Java, updates Safari
Apple on Tuesday updated both <a href="" rel='nofollow'>Java</a> and its web browser <a href="" rel='nofollow'>Safari</a> for users of OS X 10.6.8 (Snow Leopard) and higher. The updates now allow users to enable the Java web plug-in on a <a href="" rel='nofollow'>site-by-site basis</a>, as opposed to the "active" or "inactive" options it had previously. Following a spate of serious issues, Apple <a href="" rel='nofollow'>forcibly disabled</a> the Java plug-in because of malicious, in-use threats -- though users could reactivate Java once they updated. <br />
<br />
Safari has now been updated to version 6.0.4 for OS X Lion and Mountain Lion (10.7.x and 10.8.x, respectively), and <a href="" rel='nofollow'>version 5.1.7</a> for Snow Leopard (10.6.8). The only listed change in the 6.x version is the ability of the browser to ask the user if they would like the Java plug-in activated for a particular site, having detected the use of Java on that page.<br />
<br />
The intention is to make it easier for users to quickly add trusted sites that employ Java to the "whitelist" while keeping the plug-in inactive on unfamiliar or untrusted sites. Users can also manage settings, choosing to always allow Java on some sites and always block it on others, or ask on each occasion or allow on a one-time basis.<br />
<br />
While Java has seen greatly-declining use on many web pages -- in part due to its ongoing security issues -- it is still required for some applets and other users on a variety of sites. For example, a casual game-player might want to keep Java "always on" when visiting a game site like <a href="" rel='nofollow'></a>, but off for most other sites where Java isn't mandatory for the site's functionality. Safari will now show a "blocked plug-in" message where a Java element is present but not active, and should a serious security issue emerge in the present version Apple would likely disable the plug-in again until users updated to a patched version.<br />
<br />
The Snow Leopard version of the latest Safari takes the opportunity to includes some addition updates and fixes. <a href="" rel='nofollow'>Version 5.1.7</a> improves performance when the system is low on memory, automatically disables versions of Adobe Flash that aren't up-to-date for security reasons (though it provides the option for users to download the latest version for their system), and fixes a pair of other bugs. One of the issues could prevent webpages from responding to the pinch-to-zoom gesture on trackpads or Magic Mouse devices, while the other affected some websites that used forms to authenticate users.<br />
<br />
In addition, Apple has updated Java for system on 10.6.8 and later. For Snow Leopard, the update is called <a href="" rel='nofollow'>Java for Mac OS X 10.6 Update 15</a>, and upgrades Java SE 6 to version 1.6.0_45 as well as enabling site-by-site control of the plug-in in connection. For Lion and Mountain Lion, the update is referred to as <a href="" rel='nofollow'>Java for OS X 2013-003</a> and again updates any installations of Java SE 6 to version 1.6.0_45.<br />
<br />
On systems that haven't already installed Java for OS X 2012-006, the update will disable the Java SE 6 web plug-in completely (users will still have the option to update to the latest version of Java SE 7, or install the 2012-006 update). Java applets outside of web browsers will continue to function normally. Lion and Mountain Lion users can also install Java SE 7 <a href="" rel='nofollow'>directly from Oracle's website</a> in order to run the most recent version of Java, which has already been updated to deal with the previous security threats. Apple does not post updates to Java SE 7, having relinquished responsibility for it to Oracle with the release of Lion.<br />
<br />
<br />
hayesk Apr 17, 2013 11:49 AM
This is a great feature. There are many institutions which require java clients for access to their systems.
Flying Meat Apr 17, 2013 03:40 PM
It appears to fix a bug
in Java applets, where a text field is drawn on screen, but the actual active entry point is around half an inch higher, or it doesn't accept input at all.
The previous workaround was to move the applet window, or to command+tab to another application and back again.

No longer an issue!

Be aware that the disabling of a known vulnerable version of a Java component is still a possibility. This won't assure uninterrupted use of a significantly vulnerable Java component.
All times are GMT -4. The time now is 10:42 PM.

Copyright © 2005-2007 MacNN. All rights reserved.
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2017, vBulletin Solutions, Inc.

Content Relevant URLs by vBSEO 3.3.2