Previous 1 2 Next 26 Replies Latest reply: Feb 2, 2013 1:25 AM by Gilles.E Go to original post
  • WZZZ Level 6 Level 6 (12,775 points)

    Apple disabled Java 6 in Safari through its XProtect anti-malware due to a serious security threat.

  • DrDerrick Level 1 Level 1 (0 points)

    Many thanks for your quick reply!

     

    Let me see if I understand. The update for Java that Apple sent (version 1.6.0_37-bo6-434) through the Software Update has been disabled by Apple. It would have been nice if Apple had made some sort announcement to their customers, and explained this before I downloaded it. Presumably I have to get Java 7 now, but I undestand that that version doesn't run on my 10.6.8, and that I will first need to upgrade to Lion. Is that the case, or is there another way that I can ue a current version of Java?

  • WZZZ Level 6 Level 6 (12,775 points)

    As Java is a persistent security threat, I keep Java disabled in all my browsers and in Java Preferences.app, so I can't be sure of this: I think Firefox also disabled the Java 6 plugin, but they may have reenabled it. Don't really know. MIght also try Chrome.

     

    Apple doesn't even automatically include the Java Runtime Environment any longer in Lion or Mountain Lion.

     

    Java 7 was also disabled by the same XProtect update, but there was a "safer" replacement from Oracle. (Note, "safer" in quotes--if I recall, as soon as the new update arrived, it was also being hit.)

     

    You need to be extremely careful where you allow Java applets to run. Many sites have been, and will be, compromised.

     

    Oracle already has one, but Apple may or may not update Java 6 in Snow Leopard. In SL they need to come through Apple.

  • WZZZ Level 6 Level 6 (12,775 points)

    Apple has just updated XProtect to block any version of Java lower than 1.7.11_22

  • GlintOZ Level 1 Level 1 (0 points)

    Yep, Just edited the XProtect.meta.plist and changed the version in the string from 1.7.11_22 to 1.7.10 and it worked for me.

     

    They need to provide a release note or updatethat states what they have done or more useful message in Safari that says "Blocked by XProtect"  so people don't waste hours trying to work out why Java stopped working. Although after having it happen twice I won't get caught a 3rd time.

  • WZZZ Level 6 Level 6 (12,775 points)

    Interesting workaround. The vast majority of users have no idea XProtect even exists, or if they do, how to find it and edit it.  I agree, Apple should provide some way of alerting people to this. But not sure how they'd do that.

     

    Hope you know how to stay safe, though.

  • DrDerrick Level 1 Level 1 (0 points)

    That's very helpful. Many thanks!  I wasn't even aware that Java was a problem. I guess I'll have to learn to live without it.

     

    As to how Apple could let us all know about these problems and what they are doing about it, they don't seem to have ay problem letting us know about every new gizzmo they have for sale...


    Thank again fo all your help.

  • DJVA Level 1 Level 1 (0 points)

    Here is a fast way to fix this temporarily:

     

    Launch Terminal (Applications > Utilities > Terminal)

     

    Enter:

     

    sudo /usr/libexec/PlistBuddy -c "Delete :JavaWebComponentVersionMinimum" /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

     

    Enter your Mac OS X password.

     

    This deletes this file until Apple sends it to your computer again via XProtect (which is just the name of the file, Apple doesn't name this process to the public). 

     

    This DOES impact Java 6, as well as Java 7.  All the news articles today state this is a Java 7 issue, which is incorrect.

     

    THIS IS A NIGHTMARE FOR ENTERPRISE JAVA USERS.  Oracle EBusiness uses Java as a web application. For Apple to do this, and not even give a head's up to their customers who utilize Macs for Enterprise, is horrendous customer service.  A dialogue box that at least tells their users WHY Java has suddenly, in the middle of the day, quit working would be more helpful than the nonsense that happened today.

  • baltwo Level 9 Level 9 (62,210 points)

    You could always just remove XProtectUpdater from /usr/libexec/ and that'll stop any changes from occurring after you change the plist file. Alternatively, change the StartInterval in the com.apple.xprotectupdater.plist file.         

  • Gene Wicker Jr Level 1 Level 1 (5 points)

    MUCH THANKS to all for this thread and the hacks to re-enable Java 1.6. This silent move by Apple crippled one of our departments and I spent hours trying to solve it before locating this thread. All I can say is that it would not be wise for an Apple rep to contact me right now. As DJVA stated, this is horrendous customer service.

  • Gilles.E Level 1 Level 1 (0 points)

    I have the same problem the link goto "check update software"

  • Gilles.E Level 1 Level 1 (0 points)

    The latest update, today, solved the problem : 1.6.0_39

Previous 1 2 Next