9 Replies Latest reply: Oct 22, 2013 12:57 PM by gilhouse
Gerben Wierda Level 1 (135 points)

Safari (6.0.2) on 10.7 Lion has started suddenly to refuse to run Java. I get a blocked plug-in message and the request to download and install a Java upload.

 

Even after a install of the downloaded Java 7 Update 10.pkg from Oracle and a reboot, java is still at 1.6

 

hermione:~ gerben$ java -version

java version "1.6.0_37"

 

And there is no Java 1.7 installed

 

hermione:~ gerben$ ls /System/Library/Frameworks/JavaVM.framework/Versions/

1.4                    1.4.2                    1.5                    1.5.0                    1.6                    1.6.0                    A                    Current                    CurrentJDK

 

What must I do to fix this?

  • Gerben Wierda Level 1 (135 points)

    Safari Help->Installed Plugins shows 10.7 installed:

    application/x-java-appletBasic Java Appletsjavaapplet
    application/x-java-applet;deploy=10.10.2Java applet
    application/x-java-applet;javafx=2.2.4Java applet
    application/x-java-applet;jpi-version=1.7.0_10Java applet
    application/x-java-applet;version=1.1Java applet
    application/x-java-applet;version=1.1.1Java applet
    application/x-java-applet;version=1.1.2Java applet
    application/x-java-applet;version=1.1.3Java applet
    application/x-java-applet;version=1.2Java applet
    application/x-java-applet;version=1.2.1Java applet
    application/x-java-applet;version=1.2.2Java applet
    application/x-java-applet;version=1.3Java applet
    application/x-java-applet;version=1.3.1Java applet
    application/x-java-applet;version=1.4Java applet
    application/x-java-applet;version=1.4.1Java applet
    application/x-java-applet;version=1.4.2Java applet
    application/x-java-applet;version=1.5Java applet
    application/x-java-applet;version=1.6Java applet
    application/x-java-applet;version=1.7Java applet
    application/x-java-vmJava applet
    application/x-java-vm-npruntimeJava applet

     

  • Gerben Wierda Level 1 (135 points)

    Apple blocked the Java plugin using the Xprotect mechanism because of a huge security leak.

  • Dimka! Level 1 (0 points)

    I have the same problem.

    How can I unblock the Java plugin to use Oracle Java?

  • Gerben Wierda Level 1 (135 points)

    You can edit XProtect.meta.plist which is at /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta. plist. Change 1.7.10.19 to 1.7.10.18.

     

    You are strongly advised not to do so if you browse the internet far and wide. But in a scenario where you for instance the need the Java plugin to access your office (work at home setup using VPN for instance) you can turn off the Java plugin block this way. If you do that, only use your browser for that work from home scenario, nothing else. Or set it back to the proper value of 1.7.10.19 after you are done working from home.

     

    You need root privileges to edit this file. If you don't know how to do that and edit it, it's better left alone until Oracle has fixed Java and released 1.7.10.19

  • Dimka! Level 1 (0 points)

    Ok. I found what the problem too. I know what is xprotect and why xprotect blocks oracle java now.

    I moved back to apple's java.

    Thanks.

  • Gerben Wierda Level 1 (135 points)

    Moving back to Apple's Java doesn't help as it is as vulnerable for this exploit. Older versions of Java are as vulnerable according to the US government:

     

    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422

     

    You're still better off with the latest Java. If you really need it, enable it in XProtect, disable it in Safari and only enable it in Safari when you do that necessary stuff.

  • baltwo Level 9 (62,215 points)

    AFAICT, this only applies to The MBeanInstantiator in Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier, not Java 6 or earlier. In any case, Oracle's released update 7u11 which fixes the exploit.

  • Gerben Wierda Level 1 (135 points)

    Correct. Yesterday, the NIST entry still showed older versions of Java. Today it only shows 10.7

  • gilhouse Level 1 (0 points)

    Here it is 10 months later and I still have the problem with Java applets not loading for websites like keepvid.com and savevid.com.  It has the same problem with all three browsers I commonly use: Safari, firefox and chrome.

     

    I did find a workaround -- the browser Torch downloads youtube videos seamlessly.