Feb 1, 2013 1:58 PM (in response to lookforandrew)
Are you certain that you must do this? Both Oracle and Apple have taken extraordinary steps to prevent the use of the current version and have not even had time to document exactly what exploit needs to be patched, yet. I would strongly encourage anybody that can wait for the official update to avoid the use of Java in their browser until we at least understand what the threat is and then decide if it's worth taking a chance with it.
Feb 1, 2013 3:04 PM (in response to HappyBlackJack)
Oracle on Friday February 1 released a new version reportedly addressing vulnerabilities seen with the last build.
Apple disabled Java 7 through the OS X XProtect anti-malware system, requiring users to have at least version "1.7.0_10-b19" installed on their Macs. The release dated February 1 carries the designation "1.7.0_13-b20," meeting Apple's requirements.
Oracle "strongly recommends" applying the CPU fixes as soon as possible, saying that the latest Critical Patch Update contains 50 new security fixes across all Java SE products.
Feb 1, 2013 6:03 PM (in response to HappyBlackJack)
Java 7 updated for 10.7-10.8
Released Feb 1, 2013, fixes 50+ security flaws
Download and install
For Java versions 6 and below OS X 10.5-10.6 machines
Apple supplies their own version of Java. For Mac OS X 10.6 and below, use the Software Update feature available under the Apple menu to check that you have the most up-to-date version of Java 6 for your Mac.
Java SE 6 End of Public Updates
After February 2013, Oracle will no longer post updates of Java SE 6 to its public download sites. We highly recommend downloading and installing Java 7.
If you're considering upgrading OS X from 10.6.8 to 10.8 via AppStore to run Java 7
Be forewarned no PowerPC based programs or driver software will run any longer.
Check here BEFORE you upgrade OS X!
Alternatives if you must run Java 7
If Apple disabled Java 6 in 10.6, and you can't upgrade OS X to 10.8, then you're pretty much done with Java in OS X because Oracle won't issue updates for Java 6 anymore.
However you can install Windows 7 and continue to use Java 7+ there until support for Windows 7 ends in 2020.
If you're on 10.6, I very highly recommend the free VirtualBox for the virtual machine software as it gets updates; VMFusion and Parallels have moved on with only 10.7+
Feb 1, 2013 7:08 PM (in response to HappyBlackJack)
Check Software Updates...
APPLE-SA-2013-02-01-1 Java for Mac OS X v10.6 Update 12
Java for Mac OS X v10.6 Update 12 is now available and addresses the following:
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in Java 1.6.0_37
Description: Multiple vulnerabilities exist in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_39. Further information is available via the Java website at http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
Feb 2, 2013 9:42 PM (in response to kitkat1126)
Great. So should we try to reverse Shirkan's original solution that allows other versions of Java to run, and if so, any suggestions on what needs to be done in Terminal? Thanks, Richard
Feb 2, 2013 11:02 PM (in response to rickkkk)
So should we try to reverse Shirkan's original solution that allows other versions of Java to run, and if so, any suggestions on what needs to be done in Terminal?
It's not absolutely necessary as long as you are talking about the terminal command he first recommended:
sudo /usr/libexec/PlistBuddy -c "Delete :JavaWebComponentVersionMinimum" /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist
It was reported that this only worked for 24 hours, but it will definitely be replaced the next time Apple sends out a new XProtect update.
For those who implemented his LaunchDaemon plan, I would toss those two files as they will simply waste a few milliseconds when they run every minute and it will also stop any future blocks that Apple sends out whether you want it to or not.
Feb 2, 2013 11:15 PM (in response to MadMacs0)
I am speaking of that original terminal command as you suggest. Although he prospectively suggested it would only last a day, it has in fact continued to work. Having done the recent Apple Java update for 10.6.8 OS, that file that was altered (the XProtect.mplist file) is still the same (looking at "quicklook" of file) as before this update, so I'm guessing it's as it was after that terminal command we are speaking of. It still says modified on 1-31-13.
Anyone think I need to reverse the spell?
Feb 3, 2013 3:57 AM (in response to rickkkk)
to reverse my 1st command, simply delete
if not applicable with Finder, you can do it with Terminal
sudo rm -f /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist
reboot the Mac and it will automatically be downloaded from Apple again in its original state.
same for the defaults write commands...
if you have implemented the LaunchDaemons, just delete the script and the LaunchDaemon
if you followed my instructions, the script location is /scripts/java-workaround.sh
command in terminal:
sudo rm -f /scripts/java-workaround.sh
the LaunchDaemon sits at /Library/LaunchDaemons/com.own.java-workaround.plist
command for terminal:
sudo rm -f /Library/LaunchDaemons/com.own.java-workaround.plist
just delete these 2 files +
(1st Command listed above)
as it would be redownloaded from Apple the next time the Mac reboots.
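A way to confirm that the clean-up described in this thread took effect, as an added example that is not part of any post: it checks that XProtect.meta.plist again carries a JavaWebComponentVersionMinimum entry, that the two workaround files are gone, and optionally whether a given Java build string meets the minimum. The function names, the optional arguments and the sed fallback for XML plists are assumptions made for this sketch; the paths and the key name are the ones quoted in the thread.

```sh
#!/bin/sh
META=/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

# Print the JavaWebComponentVersionMinimum value of plist $1 (nothing if absent).
java_minimum() {
    if [ -x /usr/libexec/PlistBuddy ]; then
        v=$(/usr/libexec/PlistBuddy -c "Print :JavaWebComponentVersionMinimum" "$1" 2>/dev/null) &&
            printf '%s\n' "$v"
    else  # fallback for XML plists on systems without PlistBuddy
        sed -n '/<key>JavaWebComponentVersionMinimum<\/key>/{n;s/.*<string>\(.*\)<\/string>.*/\1/p;}' "$1" 2>/dev/null
    fi
}

# Succeed when Java build string $1 is at least $2, e.g. 1.7.0_13-b20 vs 1.7.0_10-b19.
java_version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[._]|-b/); nb = split(b, y, /[._]|-b/)
        for (i = 1; i <= (na > nb ? na : nb); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Report workaround remnants; the return status is the number of findings.
# $1-$3 override the default paths (hypothetical), $4 is an installed build string.
audit_java_block() {
    meta=${1:-$META}
    script=${2:-/scripts/java-workaround.sh}
    daemon=${3:-/Library/LaunchDaemons/com.own.java-workaround.plist}  # standard macOS directory name
    findings=0
    min=$(java_minimum "$meta" || true)
    if [ -n "$min" ]; then
        echo "ok: XProtect requires Java web plug-in >= $min"
        [ -z "$4" ] || java_version_ge "$4" "$min" || echo "note: build $4 is below $min and stays blocked"
    else
        echo "FINDING: no JavaWebComponentVersionMinimum in $meta"
        findings=$((findings + 1))
    fi
    for f in "$script" "$daemon"; do
        [ -e "$f" ] || continue
        echo "FINDING: workaround file still present: $f"
        findings=$((findings + 1))
    done
    return "$findings"
}

audit_java_block "$@" || echo "$? finding(s): the workaround is still (partly) in effect"
```

Run it without arguments on the Mac in question; an "ok" line and no FINDING lines mean Apple's block is back in force.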