Skip navigation

Blocked JAVA Plug-in when using Safari to access a JAVA enabled chart via Safari

1732 Views 7 Replies Latest reply: Jan 13, 2013 2:00 PM by anaitis14 RSS
anaitis14 Calculating status...
Currently Being Moderated
Jan 11, 2013 6:04 PM

Hello, For the past 24 hours, a site that I use on a regular basis blocks a JAVA plug-in when trying to open a page supposed to show a chart.  Has anyone run into that same situation?  Thanks.

MacBook Pro
  • Linc Davis Level 10 Level 10 (107,445 points)

    You installed the Oracle Java 7 plugin, which is insecure and has been blocked by Apple. To revert to the Java 6 plugin, follow these instructions:

     

    How to re-enable the Apple-provided Java SE 6 applet plug-in

  • ScottM Level 1 Level 1 (120 points)

    Linc is partically right, that may get you working again, but know that that also puts your computer at risk of compromise.  You're effectively downgrading to an unsuporrted and less secure version of Java.  You're side-stepping the protections of XProtect, which is Apple's way to help protect customers against active security risks that are targeting the Safari browser and associated plugins.

     

    It is not that you installed an insecure version - and Apple blocked it - the problem is that *all* versions of Java are currently insecure, and Java 6 is far less secure than Java 7. 

     

    The worst thing you can do for your security is to downgrade to an even less secure and unsupported software product - Oracle is working on a patch for Java now, by the way.

     

    There are a couple of options, but you have to weigh them against the risks.  The reason for the change was to protect users, afterall.

     

    One option is to use some of the online hints to go back to Java 6 - that is a horrific idea and puts your system at the greatest risk.  It's like a Windows user going from an up to date copy of Windows 7 back to Windows XP.  Or going from Mountain Lion to Panther.  Going backwards is almost never a solution for security - but it will allow you to run Java plugins again.

     

    Another option is to manually modify XProtect in Safari to accept the 1.7.10r18 version as valid.  This is also risky because there are active exploits in the wild for this version of Java.  That is the reason for Apple's change this week - there were several exploits shown to work, and work against Macs running Java 7.  I'm not sure how often XProtect does its thing, but, if you manually modify the plist, you may have to do so repeatedly.

     

    You can also run the developer version of Java, which is 1.7.12 - I don't believe this has a *fix* for the exploit that is currently being used, but, it will fool Safari into thinking you are running a newer version thatn 1.7.10r18.

     

    Your final option is to wait.  Oracle will likely update soon.  If you really need Java, you can probably use Firefox and 1.7.10r18, but you still are running a risk of having your system compromised.

     

    If you are diligent and only enable Java 6 when you access a particular and very well trusted Java based site/applicaiton, and disable it when you're not needing it, you may be okay - but keep in mind that the security weakness that breaks in Java 7 from this week is *also* present in Java 6...and you'll have to deal with all of the Java 6 based security issues as well.

     

    It's a tough call, and entirely a personal one for you and the risks you consider to be acceptable to your computing environment.

  • ScottM Level 1 Level 1 (120 points)

    Oracle has updated Java 7 to Release 11, which will fix the Safari issue, but, more importantly, addresses security issues:

     

    http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html

     

    And you can get it via java.com now.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.