HT201353: About the security content of Java for Mac OS X v10.6 Update 12

Learn about About the security content of Java for Mac OS X v10.6 Update 12
TASchmitt

Q: There have been several news reports about security problems with Java, and several have indicated that Java should still not be installed on our computers.  Does this update address the concerns raised in those news articles?

There have been several news reports about security problems with Java.  Most have indicated that Java should still not be installed on our computers.  Does this update address the concerns raised in those news articles?

Posted on Feb 18, 2013 9:23 AM

Close

Q: There have been several news reports about security problems with Java, and several have indicated that Java should still not be i ... more

  • All replies
  • Helpful answers

  • by John Galt,Helpful

    John Galt John Galt Feb 18, 2013 9:32 AM in response to TASchmitt
    Level 8 (49,787 points)
    Mac OS X
    Feb 18, 2013 9:32 AM in response to TASchmitt

    Whatever you read in the hyperventilating entertainment venue masquerading as "news" should be considered with a healthy degree of skepticism. Having said that Java is a potential vector for malware intrusion, and avoidance of it is a good idea. I have not needed Java for any reason in several years, and don't miss it a bit.

     

    If you need Java, you have no choice: download it directly from Oracle and use it at your own risk. Disable Java when not in use. Configure your Safari Preferences like this:

     

    Screen Shot 2013-02-18 at 12.32.04 PM.png

     

    If your banking or brokerage website requries Java, I seriously recommend finding another bank or broker.

  • by BobHarris,Helpful

    BobHarris BobHarris Feb 18, 2013 10:07 AM in response to TASchmitt
    Level 6 (19,628 points)
    Mac OS X
    Feb 18, 2013 10:07 AM in response to TASchmitt

    The Java web browser plug-in is the primary problem child.  Disable it in your browser.  John Galt has show how to disable the plug-in for Safari.  There are similar ways to disable the plug-in for other browsers.

     

    If you are running a Java app, such as CrashPlan, then the Java issues are not a problem for you.

     

    Again, it is the Java plug-in that is the security vector, and not Java applications.


    If you have a web site that insists on using the Java plug-in then you should consider whether you really need to use that web site, or if they will work without the Java plug-in being enabled.

     

    Finally, do not confused JavaScript with Java. The only thing they have in common are the 1st 4 letters of their name.  JavaScript is essential for most web sites these days, and should be enabled in your browser.