MacNN Forums (http://forums.macnn.com/)
-   Tech News (http://forums.macnn.com/tech-news/)
-   -   Stealth OS X update once again blocks use of Java (http://forums.macnn.com/113/tech-news/497696/stealth-os-x-update-once-again/)

 
NewsPoster Jan 31, 2013 11:07 AM
Stealth OS X update once again blocks use of Java
Apple is once again blocking the use of the Java web plug-in in OS X, reports say. The company has <a href="http://macnn.com/rd/278389==http://www.macg.co/news/voir/258693/apple-desactive-a-nouveau-java-7-dans-os-x" rel='nofollow'>issued</a> a silent update to OS X's anti-malware system which sets the minimum version of Java beyond the current Mac release, Java 7 Update 11. As a consequence, Java can't be used in web browsers on Macs until Oracle issues its next patch. The step may back (or be based on) views that Java <a href="http://macnn.com/rd/278390==http://www.electronista.com/articles/13/01/14/oracle.raises.default.security.settings.in.java.se curity.patch.to.high/" rel='nofollow'>continues to have serious security flaws</a>. <br />
<br />
Update 11 was itself meant to cope with a vulnerability so serious that the US government issued warnings against using the previous version. The wait for the update marked the first time Apple decided to block Java, even though a number of apps and websites rely on the technology. Only the web plug-in is affected by the block; installed Java apps should continue to run correctly, though updating to the latest version (and the new update when it arrives) is strongly recommended by Oracle.

Apple has gradually distanced itself from Java over the years. At one point the company maintained its own Java fork, but it eventually left those duties up to Oracle after complaints about the Mac version of the software lagging behind. With the release of OS X Lion, Java no longer came pre-installed on Macs, though people can still download it directly from Oracle.
 
daqman Jan 31, 2013 12:21 PM
Oh for pity's sake!
This heavy handed approach of randomly blocking a plugin is stupid. How about a polite warning with a yes or cancel choice? There are legitimate uses for Java, for example the stockroom system at the place where I work, that this breaks. Yes, there are workarounds by editing files buried in OSX but that is very much a hack. When did Apple suddenly start to take this sort of choice out of the user's hands?
 
stainboy Jan 31, 2013 12:34 PM
All Java, or the Java plug-in?
the article makes it sound like all of Java is blocked. is this the case? i'm able to run jEdit right now, which is written in Swing and Java, and it seems to have no issues. if Apple has only disabled the plugin in the browser, it's important to differentiate this.
 
diskrete Jan 31, 2013 01:02 PM
Article is incorrect
Your article states: “As a consequence, Java can't be used at all in OS X until Oracle issues its next patch.” This is alarming, if it were true. But it’s NOT true. Desktop Java apps like Eclipse can still be used, but all Java browser applets are blocked.

I work in IT and, although I’m no fan of Java, I have to use it because many vendors’ sys admin utilities are written in Java. Those still work today on my Mac, which has the latest Xprotect (Apple anti-malware) definitions that were released this morning.
 
diskrete Jan 31, 2013 01:04 PM
Those were supposed to be quote marks
The strange Euro symbols in my previous post were quote marks. Electronista is using the old ISO-8859-1 character set instead of Unicode. Ah well.
 
daqman Jan 31, 2013 01:22 PM
Apps vs Applets
What is blocked, albeit crudely, by Apple is the plugin for Safari that lets a Java Applet run inside Safari. As far as I am aware Java applications running outside a browser are fine. What Apple does is to update a file that tells Safari which plugins it is allowed to load. If the java runtime, which runs local applications, had been disabled then people would be screaming from the rooftop because jEdit, Eclipse and a whole host of other code would stop working. This includes a java based cross platform data acquisition and analysis platform that I've been working on for the last ten years!
 
Creator1326 Jan 31, 2013 01:36 PM
Workaround with Disclaimer
I have developed a LaunchAgent / script combo that deletes the file located at "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist".

Discalimer:
The XProtect.meta.plist file is meant to protect you against malicious files and application versions but the only two listings in there for 10.6.8 users is the 11.5 version of flash and forcing the minimum version to Java 1.7. So beware, I take no responsibility for you using these files/techniques if you should have an insecure applet or java virus floating around your network and you get infected it's your problem.

The LaunchAgent file needs to be owned by root, group wheel permissions as 700.

sudo chown -f root /Library/LaunchAgents/net.yourinitials.deleteXprotect.plist
sudo chgrp -f wheel /Library/LaunchAgents/net.yourinitials.deleteXprotect.plist
chmod -f 700 /Library/LaunchAgents/net.yourinitials.deleteXprotect.plist

If you use Apple's Remote Desktop you can do this with the Copy function and specify the file location, and user : group privileges.

Copy and paste the below into a file called "net.yourinitials.deleteXprotect.plist" and copy to the /Library/LaunchAgents folder.





Label
net.yourinitials.deleteXprotect
LimitLoadToSessionType
LoginWindow
OnDemand

ProgramArguments

./Users/Shared/deleteXprotect.sh
1

KeepAlive

RunAtLoad




ALSO, PART 2

You need to make a file called "deleteXprotect.sh" and copy it to /Users/Shared with owner admin and group wheel, permissions of 700

#!/bin/sh
rm -f /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

Now when you restart your computer it will automatically delete the XProtect.meta.plist file and let gradebook open.
 
Creator1326 Jan 31, 2013 01:39 PM
workaround
Looks like they filtered out my code. If you'd like a copy email eric at jdchs.org
 
noibs Jan 31, 2013 02:52 PM
Need better news reporting
To echo some of the comments above, computer users, especially more novice users, need better and more precise news reporting. Disabling Java in a Web browser is completely different than completely disabling Java--which is not what Apple is doing. I gave up on Java in my Web browsers a while back. But, I still need to have at least some version of Java installed on my computer in order to fully run LibreOffice. I sure wish the LO developers would get rid of the last bit of Java dependencies on the Mac version of LO.
 
BLAZE_MkIV Jan 31, 2013 03:42 PM
As long as it's just the java plugin its fine with me. Java plugins, like shock wave and flash were never a good idea to begin with.
 
blahblahbber Jan 31, 2013 05:30 PM
comment title
this is what crApple's about, now it's up to you to find and pull out the "black box"
 
All times are GMT -4. The time now is 07:18 PM.

Copyright © 2005-2007 MacNN. All rights reserved.
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2014, vBulletin Solutions, Inc.


Content Relevant URLs by vBSEO 3.3.2