Java Update
Updating java on our school's 10.6 and 10.7 computers have made it impossible to launch our PowerSchool gradebooks. Can I roll back the update? Or is there another solution?
Updating java on our school's 10.6 and 10.7 computers have made it impossible to launch our PowerSchool gradebooks. Can I roll back the update? Or is there another solution?
This comment is really meant for others who stumble on this thread. I'm not familiar with CrashPlan and don't know if it needs Java internally or through the browser (or both.) But if the latter -- and I know you will already have thought of this, that's why I said this comment is really intended for others -- set NoScript (Firefox Add-on) to set a placeholder for Java content and only click the placeholder to allow Java on CrashPlan, or the other Java sites you trust. That should minimize the risk, whatever it may be.
After doing some research, I found a plugin for Google Chrome that will put current page you are on into an Internet Explorer wrapper with Java 6 installed in it. Its called Rndr and I have tested it on OSX 10.8 and 10.6.8 and it appears to launch any java plugin or .jnlp webstart app in the browser itself.
https://chrome.google.com/webstore/detail/rndr/aeanibohjlokjdpopecapcfaacnhdifi
WZZZ wrote:
This comment is really meant for others who stumble on this thread. I'm not familiar with CrashPlan and don't know if it needs Java internally or through the browser (or both.)
It is a Java application. No browser involved.
Have there been any active exploits for Java applications in OS X, not drive-bys through the browser, i.e. not web exploits? I've only heard of web exploits.
WZZZ wrote:
Have there been any active exploits for Java applications in OS X, not drive-bys through the browser, i.e. not web exploits? I've only heard of web exploits.
None that I've heard of and there is nothing like that listed on Thomas' MMG. They all seem to involve only the first phase of a drive-by. I believe all the recommendations to avoid Java completely are driven by the shear number of vulnerabilities that keep cropping up. The thinking is that sooner or later somebody will come up with an exploit to take advantage of them on a Mac.
Well, all I can say is I'm very glad I had Java disabled in Firefox (and NoScript), only enabling it per occasion, for several years even before the Flashback arrived. And that was because of the well publicized notoriety of Java browser attacks. Whether or not that notoriety was truly deserved seems to be another question -- one that you have raised -- but it saved my hide.
WZZZ wrote:
Well, all I can say is I'm very glad I had Java disabled in Firefox (and NoScript), only enabling it per occasion, for several years even before the Flashback arrived. And that was because of the well publicized notoriety of Java browser attacks. Whether or not that notoriety was truly deserved seems to be another question -- one that you have raised -- but it saved my hide.
I may not have been entirely clear with my answer, but I was referring to the advise to completely disable Java on a Mac or not install it at all.
I have been recommending that Java be disabled in browsers for a very long time and practice that myself. Luckily I don't currently need to visit any web site that requires it, so it's always off. In the case of Flashback, it was my PPC CPU that prevented me from being infected (I tried several times to find it on purpose).
Got it 🙂
New Java update, at least it seems for Snow and above.
http://support.apple.com/kb/DL1573
About Java for Mac OS X 10.6 Update 11
Java for Mac OS X 10.6 Update 11 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_37.
On systems that have not already installed Java for Mac OS X 10.6 update 9 or later, this update will configure web browsers to not automatically run Java applets. Java applets may be re-enabled by clicking the region labeled "Inactive plug-in" on a web page. If no applets have been run for an extended period of time, the Java web plug-in will deactivate.
WZZZ wrote:
New Java update, at least it seems for Snow and above.
Well, sort of new. That's the one that created the issues we've been discussing here all along and it's only for Snow.
http://support.apple.com/kb/DL1572 is similar for Lion and ML.
Thought you'd be interested in this, if you haven't already heard about it.
http://blogs.computerworld.com/application-security/21173/ugly-side-latest-java- updates
WZZZ wrote:
Thought you'd be interested in this, if you haven't already heard about it.
Thanks, I had not read it.
Here's one from ArsTechnica
and a rant from Derek Currie, who drops by the forum occassionally
http://mac-security.blogspot.com/2012/10/oracle-java-for-mac-fails-installing.ht ml
Good rant! I wouldn't be a happy camper either.
This worked for me!
Summary
An update to Java 6 for Mac OS X was release on October 16, 2012. This update changes the Java version to 1.6.0_37. This version prevents teachers from launching PowerTeacher Gradebook on a Mac OS X client.
This article describes how to update the PowerTeacher Gradebook JNLP file on the PowerSchool server to allow PowerTeacher Gradebook to launch successfully for teachers using Mac OS X.
Client Environments
Windows Operating System
Macintosh Operating System
Workaround
The following workaround requires that the teacher's client machine meets the above requirements for OS and Java compatibility.
\Program Files\PowerSchool\application\components\powerschool-gradebook-<version>\WEB-IN F\classes\com\pearson\powerschool\gradebook\servlet\gradebook.jnlp
<resources>
<resources arch="">
The above workaround should not require a server restart. If your server is in an array configuration, apply the above workaround on each node used for PowerTeacher Gradebook.
Can you give us the source of this please?
Java Update