Java Update
Updating java on our school's 10.6 and 10.7 computers have made it impossible to launch our PowerSchool gradebooks. Can I roll back the update? Or is there another solution?
31 replies
Previous versions of Java are very insecure, perhaps your better off waiting for a update from the third party software maker rather than have all the machines exploited.
Because hackers can compare the older version with the newer, they can see what's been changed and know where the vulnerabilities are.
https://threatpost.com/en_us/blogs/apple-patches-java-flaws-101812
Actually the article supports the fact that Apple has been proactive in patching possible threats including SE 6 1.6.0_37.
Java is notoriously responsible for many vulnerabilities, if you must run it then these are the instructions:
I DO NOT have Mac version 10.7.3 (Lion) or higher. How do I get Java for other Mac versions?
For Java versions 6 and below, Apple supplies their own version of Java. Use the Software Update feature (available on the Apple menu) to check that you have the most up-to-date version of Apple's Java for your Mac.
I DO have Mac version 10.7.3 (Lion) or higher.
Users of Lion Mac OS X 10.7.1 and 10.7.2 should upgrade to 10.7.3 or later versions via Software Update, so you can get the latest Java 7 version from Oracle.
Download page here:
https://www.java.com/en/download/manual.jsp#mac
Why will Applets not run after getting Java through Apple Software Update?
Apple disables the Java plug-in and Webstart applications when the Java update is done using Software Update. Also, if the Java plug-in detects that no applets have been run for an extended period of time it will again disable the Java plug-in.
To enable the Java plug-in
Go to Finder > Applications > Utilities > Java Preferences.
In the Java Preferences window check the box for Enable Applet plug-in and Webstart applications.
Why is Java 7 available only for Mac OS X 10.7.3 and above?
The Java Runtime depends on the availability of an Application programming interface (API). Some of the API were added in Mac OS X 10.7.3. Apple has no plans to make those API available on older versions of the Mac OS.
Please point me to the posts of victims of the Java exploits.
macjack wrote:
Please point me to the posts of victims of the Java exploits.
Too numerous, but you can read about it here
https://en.wikipedia.org/wiki/Trojan_BackDoor.Flashback
and also search security news online about numerous continuous security issues with Java across all platforms.
Sorry, I have other things to do, you'll have to get up to speed on it on your own. 🙂
Java is notoriously responsible for many vulnerabilities, if you must run it then these are the instructions:
Yes, I've read about it. What I'd like to hear are some first party accounts from folks here on ASC.
I'm not saying Java doesn't have vulnerabilities, that's proven on a daily basis. All I'm trying to do is say that folks ain't dropping like flies and I wish you'd reduce your threat level a couple of decibels 😉
I am having the same problem with powerschool, my current solution is to tell teachers not to upgrade to java. Anyone that does upgrade will have to be re-imaged to restore the older version of java.
mvc09 wrote:
Updating java on our school's 10.6 and 10.7 computers have made it impossible to launch our PowerSchool gradebooks.
Have you tried upgrading the 10.7 computers to Java SE 7? Verify Java Version.
Are gradebooks run from a browser or is it a Java application? If browser, then the update disabled your plug-ins and you need to install the newer one.
Java SE 7 is not available for OSX10.6 and gradebook runs as a Java application. When you launch the .jnlp file, it loads the application into the cache, but doesn't launch the application.
macjack wrote:
Please point me to the posts of victims of the Java exploits.
By far the majority can be found in this thread: .rserv wants to connect to cuojshtbohnt.com. You'll find others by checking for Flashback posts after February when the Java version was introduced.
I'm sure there are a few others that are Tibetan sympathizers that have also been subjected to the targeted malware sent in their direction, but those numbers are small.
macjack wrote:
Java is notoriously responsible for many vulnerabilities, if you must run it then these are the instructions:
Yes, I've read about it. What I'd like to hear are some first party accounts from folks here on ASC.
I'm not saying Java doesn't have vulnerabilities, that's proven on a daily basis. All I'm trying to do is say that folks ain't dropping like flies and I wish you'd reduce your threat level a couple of decibels 😉
They were dropping like flies during the Flashback episode. Going in through Java, which has been relentlessly exploited over the years, is an easy exploit and it's waiting to happen again to anyone who runs Java in the browser. Regardless of the recent patches, a new vulnerability will inevitably be found.
I think the threat level is completely justified.
Unless it's been fixed, Java 7 had a serious vulnerability not present in Java 6.
macjack wrote:
All I'm trying to do is say that folks ain't dropping like flies ...
Not right at this minute, but Java represents a serious continuous threat on Mac's and we only have one shot at their eyeballs here to tell them that.
...I wish you'd reduce your threat level a couple of decibels
When Java ceases being a threat I will. 🙂
BTW, I copied some sort of HTML tags along with the text from the Oracle FAQ, thus was unable to change the font/size here to tone it down in time for the timeout.
So if I unintentionally assaulted your sensitive croc nightseeing, cat eating eyeballs that was reason. 😝
WZZZ wrote:
They were dropping like flies during the Flashback episode. Going in through Java, which has been relentlessly exploited over the years, is an easy exploit and it's waiting to happen again to anyone who runs Java in the browser. Regardless of the recent patches, a new vulnerability will inevitably be found.
Sure, vulnerabilities by the hundreds over how ever many years Java has been with us, but in all that time only one was exploited on Mac OS X by three or four pieces of Malware? I'm sure there are similar numbers for Flash vulnerabilities and there are bunches of PDF, JavaScript, and Office Macros, but wouldn't you agree that they have to be shown to be exploitable on a Mac before we start calling them a threat. There have been a few proof-of-concepts around, probably more than we know about,but until we start seeing bulk infections, I'm sure the experts in the field (most working for A-V vendor labs) will continue to consider them all low threat.
I'm all for taking every precaution to minimize these possibilities, I'm just not ready to give up CrashPlan on the off chance somebody will figure out a way to use it's Java code to attack me or my data. I have even been known to use Flash Player when nothing else will work. I'm not ready to give up the internet and go back to relying on my daily newspaper and weekly magazine to try and keep up with what goes on in the world these days.
PaulRTJR wrote:
Java SE 7 is not available for OSX10.6 and gradebook runs as a Java application.
Which is why I didn't mention it.
When you launch the .jnlp file, it loads the application into the cache, but doesn't launch the application.
Well, I have to give up on this as I'm not in any position to test anything with my setup and I think I've read all the available information on the update, so far, so all I can recommend is to feed all this to Pearson (PowerSchool's developer) who's in a better position to deal with Apple and/or Oracle to resolve it.
Java Update