Currently Being ModeratedRe: Hello, For the past 24 hours, a site that I use on a regular basis blocks a JAVA plug-in when trying to open a page supposed to show a chart. Has anyone run into that same situation? Thanks.Jan 11, 2013 6:02 PM (in response to anaitis14)
More info on the issue. I opened a chart in Safari, and got the message BLOCKED PLUG-IN. A window popped up, asking to download the lastest JAVA software which I did .... Did not change anything as I got the same message "Blocked plug-in" I uninstall JAVA and reinstalled it ... did not change anything.
The same issue does not appear when using Firefox, only with Safari.
When asking from java.com to check for any JAVA software in my mac, it does not see the installed software.
Has anyone run into this situation?
Any help would be greatly appreciated.
Currently Being ModeratedJan 11, 2013 8:18 PM (in response to anaitis14)
You installed the Oracle Java 7 plugin, which is insecure and has been blocked by Apple. To revert to the Java 6 plugin, follow these instructions:
Currently Being ModeratedJan 11, 2013 9:31 PM (in response to Linc Davis)
Thank you very much for your help.
Have been trying to find a solution since yesterday without any luck.
Went to an Apple store and they could not help me.
So, THANK YOU VERY MUCH for your help.
I followed the step you indicated and it resolved the issue right away.
Currently Being ModeratedJan 11, 2013 9:41 PM (in response to anaitis14)
Linc is partically right, that may get you working again, but know that that also puts your computer at risk of compromise. You're effectively downgrading to an unsuporrted and less secure version of Java. You're side-stepping the protections of XProtect, which is Apple's way to help protect customers against active security risks that are targeting the Safari browser and associated plugins.
It is not that you installed an insecure version - and Apple blocked it - the problem is that *all* versions of Java are currently insecure, and Java 6 is far less secure than Java 7.
The worst thing you can do for your security is to downgrade to an even less secure and unsupported software product - Oracle is working on a patch for Java now, by the way.
There are a couple of options, but you have to weigh them against the risks. The reason for the change was to protect users, afterall.
One option is to use some of the online hints to go back to Java 6 - that is a horrific idea and puts your system at the greatest risk. It's like a Windows user going from an up to date copy of Windows 7 back to Windows XP. Or going from Mountain Lion to Panther. Going backwards is almost never a solution for security - but it will allow you to run Java plugins again.
Another option is to manually modify XProtect in Safari to accept the 1.7.10r18 version as valid. This is also risky because there are active exploits in the wild for this version of Java. That is the reason for Apple's change this week - there were several exploits shown to work, and work against Macs running Java 7. I'm not sure how often XProtect does its thing, but, if you manually modify the plist, you may have to do so repeatedly.
You can also run the developer version of Java, which is 1.7.12 - I don't believe this has a *fix* for the exploit that is currently being used, but, it will fool Safari into thinking you are running a newer version thatn 1.7.10r18.
Your final option is to wait. Oracle will likely update soon. If you really need Java, you can probably use Firefox and 1.7.10r18, but you still are running a risk of having your system compromised.
If you are diligent and only enable Java 6 when you access a particular and very well trusted Java based site/applicaiton, and disable it when you're not needing it, you may be okay - but keep in mind that the security weakness that breaks in Java 7 from this week is *also* present in Java 6...and you'll have to deal with all of the Java 6 based security issues as well.
It's a tough call, and entirely a personal one for you and the risks you consider to be acceptable to your computing environment.
Currently Being ModeratedJan 13, 2013 1:09 PM (in response to ScottM)
Thanks for your input. Much appreciated.
1- How do you manually modify XProtect as adviced in your response?
2- How do you run the developer version of JAVA? Would you know the steps to follow to do that?
3- Waiting seems to be the best option. Is there a site or an Oracle page that I can check to find out if/when Oracle would have fixed the issue?
Using Firefox might be to solution as Java 7 does work with it.
You are right ... tough call either way ... Thank you very much for all your input.
Currently Being ModeratedJan 13, 2013 1:50 PM (in response to anaitis14)
Oracle has updated Java 7 to Release 11, which will fix the Safari issue, but, more importantly, addresses security issues:
And you can get it via java.com now.
Currently Being ModeratedJan 13, 2013 2:00 PM (in response to ScottM)
Thanks for the update.
Downloaded it and it works just fine. Thanks a lot for your help with regard to this matter.