Mac Os X 10.6.8 Java update

OK. I have a fix for you all that seems to work especially if you need Java 6u37 working on any computer Apple disabled it on. This will work best on 10.6 but can work on 10.7/10.8 as well.

Do not attempt this if you do not know what you are doing.

I will not be held responsible for your system if it stops working or you expose yourself to a virus. If you are a novice user, you attempt to do this, and something goes wrong, remember you were warned.

DO THIS AT YOUR OWN RISK:

Using whatever editor you want at command line as root or using sudo, you will need to edit:

/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.p list

Change:

To:

Change:

To:

And best of all, change:

To any date in the future. (Bad programming on Apple's part but repreive for those of us who have to support archaic Oracle based systems that won't work under Java 7+.) It won't update again until after the date you put in there.

DO NOT Delete any of the lines that have to do with version number because it will allow older versions of Java, which are not secure, to run. I would also not recommend that you change the date too far ahead if you are on 10.7/10.8 and are running Java 7 because the security holes in Java 7 are horrible.

I spent the wee hours of the night...about 6 of them-all night-- trying to figure out why this was happening.

Then I found out. Now, I've seen posted on here a number of times ways to work around the blocked

plug-in... but my question would be "Why?"

Why would you want to make your computer vulnerable to some jerk from god only knows where getting in

there without you knowing it and stealing your information? Isn't that cutting off your nose to spite your face?

There are over 250,000 ID thefts per day. Want to add your name to the list? I sure don't!

I'm glad Apple has that control and did this. Yes, it would have been nice to be notified but.... I'd still

rather be without Java for a day or two now, than be very sorry later.

I'm sorry the control over Java in the more recent OS has been given to Oracle. I'd rather have Apple

looking out for me. That's one reason we all buy Macs......they're safer!

Just thought I'd add my 2 cents.....for whatever it's worth.

Why would I want Java 6 working on my computer at work? I'll tell you why, there is a little company called Oracle. They make database server software and Java. Other companies make databases that are used to run businesses. Those databases keep track of things like finances, employee information, etc. In educational institutions these databases keep track of student records, donations, finances, employee records, etc. To access those databases we need JAVA. Under 10.6.8, Java 6u37 is the last release for 10.6.8 ever because Oracle is discontinuing Java 6 as of Feb. 1 2013. So we have to re-enable Java 6 because we cannot do our jobs or get paid otherwise.

So if I upgrade to the lastest system software from Apple will Java work then? I'm confused.

kitkat1126 wrote:

So if I upgrade to the lastest system software from Apple will Java work then?

Java has been disabled in Safari (and some other browsers) by Apple in all OS X 10.6.7 and above.

Apple supposedly has an update in testing that will allow it to work again in Snow Leopard.

Oracle has not announced their plans to patch what are said to be four exploits in Java 7, so at the moment it would not help to upgrade your OS X for that reason, but you should consider it for increased security in other areas anyway.

Hello,

First, AWESOME research Shirkan.

In our school system, I disabled Software Update (by pointing it to a non-existent server) in WGM before I went home yesterday. However in my reading/testing this morning I see that the XProtect anti-malware method of updating does not use Software Update but instead is a scheduled launchd item. (http://reviews.cnet.com/8301-13727_7-20069468-263.html)

Question: Is there a way to pump out and run a login script - that uses sudo - via WGM? We do not have a third party management system. When I tried this for another project a month ago I was unable to elevate privileges via login script.

thanks,

chris

So I'm not comforable doing what alucas THX suggested but I think I could try what Shirkan suggests. Is that what you guys would suggest if I'm not an expert? I've never used an editor. My business depends on this. Scared!

Hi cdensha,

you're right. The XProtect update (the plist in this case) is not updated via a SoftwareUpdate. It updates via a launchdeamon or semething when the system starts up. I don't know exactly at the moment, haven't looked for.

I don't want to brake the update process of XProtect, as it could be useful to protect the system to run any maliciuos software.

To get the WebPlugin working again, you could try to run a script via a launchdaemon as root.

at the moment, we (our Company Site) do not need the runtime, only the webplugin so i managed it via a script launched by a launchdeamon:

Script located in /scripts/java-workaround.sh

Code:

---

#!/bin/bash

#changing XProtect.meta.plist to allow only the latest java WebPlugin Version

defaults write /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta. plist JavaWebComponentVersionMinimum "1.6.0_37-b06-434"

---

launchdeamon located in /Library/LaunchDeamons/com.own.java-workaround.plist

Code:

---

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST

1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>JavaWorkaround</string>

<key>ProgramArguments</key>

<array>

<string>/scripts/java-workaround.sh</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>UserName</key>

<string>ROOT</string>

<key>GroupName</key>

<string>WHEEL</string>

<key>StartInterval</key>

<integer>60</integer>

</dict>

</plist>

---

The launchdeamon executes the script every 60 seconds, because sometimes the lauchdeamon executed the script before the XProtect.meta.plist was downloaded from apple, so the download has overwritten the workaround. So i decided to run it every 60 seconds to overwrite the download again 😉

With the script, i only set the WebPlugin minimum Version to the latest from Apple available one. The Runtime is still blocked, so you won't be able to run java executables like jar-files etc.

Hope that helps...

Regards,

Shirkan

And by the way, the solution alucasTHX wrote is more secure then the one in my 1st post.

My solution deletes the complete string of the javaWebcomponent. So every java version is allowed to run.

for kitcat1126:

if you unsure to use an editor, you could do the following:

open terminal and run

sudo defaults write /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta. plist JavaWebComponentVersionMinimum "1.6.0_37-b06-434"

and if you don't want apple to update the plist (in this example until 30 Jan 2014)

open terminal or use the current open one and run

sudo defaults write /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta. plist LastModification "Thu, 30 Jan 2014 00:00:01 GMT"

That enables the latest current available WebComponent of java, but not the older ones. The Runtimes are still disabled. I think Oracle is going to release a newer version asap.

Regards,

Shirkan

Edit: I don't know why, but this forum adds a space between XProtect.meta. and plist. This has to be removed, when pasting the code into terminal 😉

Message was edited by: Shirkan79

Thanks Shirkan79 but (you're going to laugh at me or be completely annoyed) but what is a "terminal". I need some kind of step by step instructions here. Pretty please:)

Ok I found terminal, do I just copy and paste that string (minus the space) in that window and then hit return?? I'm not going to crash my computer:) *scared*

For the plist challenged, you might wanna try this Java Unblocker app: https://www.dropbox.com/s/ckyo32fswxm4gym/Java%20Unblocker.dmg 🙂

I have no idea about, terminal or writing code, so as a workround I have tried SWS_SB's method to remove the Xprotect.meta.plist and it works fine.

Its obviousy not good to have to do this on a large scale network at each login but as a single user and not needing Java that often it will be ok for me.

My Java was working fine on the 30th but not on the 31st as other posters have stated. So am I right in believing that at some point Apple took it into their heads to disable Java on 10.6.8 machines. If that is the case and it's been done for security reasons, then that's fine but if its been done for another reason it would be nice to know why. Also, I think there could have been some prior notification.

Used to love Apple but losing faith.

How did this get blocked to begin with? Was something inadvertently installed/updated somehow someway?

Thanks Shirkan for the update and your launchdaemon. 🙂

It is a launchdaemon that does the updating. I did not want to totally disable it either, but I did not see your solution right away. So I have disabled it for a month by pumping out the command to change the date. I also send the command to allow the latest for Snow Leopard, and also the command for Lion and Mountain Lion.

It turns out Apple Remote Desktop has the feature to send a command as root, so I am able to do a mass send to all macs currently online. Much better than going from machine to machine.

This is working perfectly for Snow Leopard - results are weird for Mountain Lion but seems to be working.

These are the three commands I am sending:

/usr/libexec/PlistBuddy -c "set :JavaWebComponentVersionMinimum 1.6.0_37-b06-434" /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta. plist

/usr/libexec/PlistBuddy -c "set :LastModification Thu, 28 Feb 2013 16:55:59 GMT" /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta. plist

/usr/libexec/PlistBuddy -c "set :PlugInBlacklist:10:com.oracle.java.JavaAppletPlugin:MinimumPlugInBundleVersion 1.7.11.21" /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta. plist