HT201222: Apple security updates

Learn about Apple security updates
Canyonlight

Q: Weird security update Java for OS X 2013-003

Why is the security update Java for OS X 2013-003 causing my 15" rMBP to start displaying a flashing window asking me if I want to allow the application "java" to accept incoming network connections?

 

OS X 10.8.3

MACBOOK PRO (RETINA, 15-INCH,EARLY 2013), OS X Mountain Lion (10.8.3)

Posted on Apr 18, 2013 9:21 PM

Close

Q: Weird security update Java for OS X 2013-003

  • All replies
  • Helpful answers

  • by Canyonlight,

    Canyonlight Canyonlight Apr 18, 2013 9:22 PM in response to Canyonlight
    Level 1 (24 points)
    iPad
    Apr 18, 2013 9:22 PM in response to Canyonlight

    One more detail: attempting to click on the "allow" or "deny" button has no effect. The window simply continues to flash every few seconds.

  • by MrHoffman,

    MrHoffman MrHoffman Apr 19, 2013 3:13 AM in response to Canyonlight
    Level 6 (15,637 points)
    Mac OS X
    Apr 19, 2013 3:13 AM in response to Canyonlight

    I'm presuming this is some local Java code or other JVM-using code that you're running, that this Java code is something you trust, and that this code is not something you're downloading from the network via Safari or another browser, and particularly not something you're launching via the Java web start browser plug-in.

     

    Here's a related Java incoming-connections firewalll discussion, and I'm guessing that the particular Java connection dialog you're getting is the one shown in that post.  See if what's discussed there helps resolve this.

  • by Rain.Air,

    Rain.Air Rain.Air Apr 19, 2013 3:27 AM in response to Canyonlight
    Level 1 (0 points)
    Apr 19, 2013 3:27 AM in response to Canyonlight

    I have the same problem, (after udating my mac yesterday (18.04.2013) the flashes are apps > open & close in Milii-seconds. i count about 70 flashes per Minute.  Mac OSX 10.6.8

     

    AND !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Every flash stop and disabled my worklflow. I need to work - i have daedlines but ...

    ... just for this little text i needed 15 Minutes. F*****ck

    Please give me back the old version - Thank you !

  • by Canyonlight,

    Canyonlight Canyonlight Apr 19, 2013 8:03 AM in response to MrHoffman
    Level 1 (24 points)
    iPad
    Apr 19, 2013 8:03 AM in response to MrHoffman

    MrHoffman, I'm not going to pretend that I am very knowledgeable about Java. Some time ago there was apparently a security issue with Java. Intego recommended that we disable Java. I use Firefox and went to the Add-ons manager, plugins tab and disabled the Java Applet Plug-in 14.6.1.

     

    My Systems Preferences>Security & Privacy>Firewall tab settings are: Firewall on; DDService64d, hasplmd, and iTunes.app are set to allow incoming connections. Both the "Automatically allow signed software..." and "Enable steath mode" boxes are checked.

     

    I have restored my rMBP to the state where it was before I downloaded and installed the Java for OS X 2013-003 update. This corrected the flashing Java window. I am very reluctant to reinstall the Java for OS X 2013-003 update now.

     

    Any help would be appreciated. Thanks.

  • by sactoken,

    sactoken sactoken Apr 20, 2013 10:20 AM in response to Canyonlight
    Level 1 (0 points)
    Apr 20, 2013 10:20 AM in response to Canyonlight

    I'm having the same problem. Not only occurs when using browser, but also when just the desktop is open.  If I try using iTunes, it crashes everytime the "Java" pop-up window appears.

  • by MrHoffman,

    MrHoffman MrHoffman Apr 20, 2013 12:56 PM in response to Canyonlight
    Level 6 (15,637 points)
    Mac OS X
    Apr 20, 2013 12:56 PM in response to Canyonlight

    It appears that these errors are arising because:

    1. Oracle Java has been installed on your system,
    2. there is some add-on code that is running, and that is using Oracle Java components,
    3. the add-on code is attempting to initiate network connections,
    4. and the Oracle Java connections are failing. 

    Basically, there is Oracle Java code running here somewhere — code which is not part of OS X, as OS X 10.7 and later do not include Oracle Java by default — and this (unknown) code is using Oracle Java and the Java Virtual Machine (JVM), and the code is encountering some new "defensive' measures.  Or is encountering an Oracle Java bug, which would be an Oracle issue with their Oracle Java product.

     

    Y'all have to figure out what code is running here (and that is dependent on Oracle Java and the JVM), and if the code is expected and necessary here, to then work with the vendor to resolve the behavior here and/or upgrade to the provider's current version of the software.

     

    Based on the DDService64d reference, there appears to be Drobo software here, and some Drobo software apparently requires Java and the JVM.  Here is some information from Drobo.  (There's a recommendation there to disable Gatekeeper, and — while that likely does resolve the issues referenced — I'd prefer to avoid disabling Gatekeeper in general.)

     

    Again, figure out what's installed and using Java here.  Remove it, upgrade it, or check with the vendor.

     

    Oracle Java does have a recent history of various serious security issues, and it's common practice to disable the Oracle Java web-start plug-in, or to entirely avoid installing Oracle Java on OS X on 10.7 and later.  If you're not using and don't need Oracle Java, then don't install it.   If you've previously installed Oracle Java and don't need it (as is the case on OS X 10.7 and later), reportedly Oracle has a tool which can remove Oracle Java.

     

    note: Oracle Java is completely different from JavaScript.