Previous 1 2 3 4 5 Next 72 Replies Latest reply: Jun 10, 2015 6:08 PM by jérômefromnice Go to original post
  • MadMacs0 Level 5 (4,700 points)

    Are you certain that you must do this?  Both Oracle and Apple have taken extraordinary steps to prevent the use of the current version and have not even had time to document exactly what exploit needs to be patched, yet. I would strongly encourage anybody that can wait for the official update to avoid the use of Java in their browser until we at least understand what the threat is and then decide if it's worth taking a chance with it.

  • Klaus1 Level 8 (47,600 points)


    Oracle on Friday February 1 released a new version reportedly addressing vulnerabilities seen with the last build.

    Apple disabled Java 7 through the OS X XProtect anti-malware system, requiring users to have at least version "1.7.0_10-b19" installed on their Macs. The release dated February 1 carries the designation "1.7.0_13-b20," meeting Apple's requirements.


    Oracle "strongly recommends" applying the CPU fixes as soon as possible, saying that the latest Critical Patch Update contains 50 new security fixes across all Jave SE products.

  • MadMacs0 Level 5 (4,700 points)

    Thanks Klaus, but that's not going to help these folks who need the Java 6 update from Apple.

  • Klaus1 Level 8 (47,600 points)

    Does this no longer work?


  • sanjampet Level 5 (7,760 points)

    I can live happily without Oracles Java, I have yet needed to have to use it it...I will pass.

  • MadMacs0 Level 5 (4,700 points)

    > Does this no longer work?...


    Not for Snow Leopard, only users of Lion 10.7.3 and above.

  • sanjampet Level 5 (7,760 points)

    This is no safer than other Java, why would there be so many posts?

  • ds store Level 7 (30,325 points)

    Java 7 updated  for 10.7-10.8


    Released Feb 1, 2013,  fixes 50+ security flaws


    Download and install



    For Java versions 6 and below OS X 10.5-10.6 machines

    Apple supplies their own version of Java. For Mac OS X 10.6 and below, use the Software Update feature available under the Apple menu to check that you have the most up-to-date version of Java 6 for your Mac.


    Java SE 6 End of Public Updates
    After February 2013, Oracle will no longer post updates of Java SE 6 to its public download sites. We highly recommend downloading and installing Java 7.



    If your considering upgrading OS X from 10.6.8 to 10.8 via AppStore to run Java 7


    Be forewarned no PowerPC based programs or driver software will run any longer.


    Check here BEFORE you upgrade OS X!




    Alternatives if you must run Java 7


    If Apple disabled Java 6 in 10.6, and you can't upgrade OS X to 10.8, then your pretty much done with Java in OS X because Oracle won't issue updates for Java 6 anymore.
    However you can install Windows 7 and continue to use Java 7+ there until support for Windows 7 ends in 2020.

    Windows in BootCamp or Virtual Machine?


    If your on 10.6, I very highly recommend the free Virtualbox for the virtual machine software as it gets updates, VMFusion and Parallels have moved on with only 10.7+

  • MadMacs0 Level 5 (4,700 points)

    Check Software Updates...

    APPLE-SA-2013-02-01-1 Java for Mac OS X v10.6 Update 12


    Java for Mac OS X v10.6 Update 12 is now available and addresses the following:



    Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8

    Impact:  Multiple vulnerabilities in Java 1.6.0_37

    Description:  Multiple vulnerabilities exist in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_39. Further information is available via the Java website at

  • kitkat1126 Level 1 (0 points)

    Hurray!!!! I am running 10.6.8 and there is a software update that has Java working now!!! That was a long day folks!

    Go now and update:)

  • rickkkk Level 1 (0 points)

    Great. So should we try to reverse Shirkan's original solution that allows other versions of Java to run, and if so, any suggestions on what needs to be done in Terminal? Thanks, Richard

  • MadMacs0 Level 5 (4,700 points)

    rickkkk wrote:


    So should we try to reverse Shirkan's original solution that allows other versions of Java to run, and if so, any suggestions on what needs to be done in Terminal?

    It's not absolutely necessary as long as you are talking about the terminal command he first recommended:

    sudo /usr/libexec/PlistBuddy -c "Delete :JavaWebComponentVersionMinimum" /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta. plist

    It was reported that this only worked for 24 hours, but it will definitely be replaced the next time Apple sends out a new XProtect update.


    For those who implemented his LaunchDaemon plan, I would toss those two files as they will simply waste a few milliseconds when they run every minute and it will also stop any future blocks that Apple sends out whether you want it to or not.

  • rickkkk Level 1 (0 points)

    I am speaking of that original terminal command as you suggest. Although he prospectively suggested it would only last a day, it has in fact continued to work. Having done the recent Apple Jave update for 10.6.8 OS, that file that was altered (the XProtect.mplist file) is still the same (looking at "quicklook" of file) as before this update, so I'm guessing it's as it was after that terminal command we are speaking of. It still says modified on 1-31-13.


    Anyone think I need to reverse the spell?

  • Shirkan79 Level 1 (0 points)

    Hi again,

    to reverse my 1st command, simply delete


    /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.p list


    if not appliable with finder, you can do it with terminal


    sudo rm -f /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist


    reboot the mac and it will automaticly downloaded from apple again in its original state.


    same for the defaults write commands...


    if you have implemented the launchdeamons, just delete the script and the launchdeamon

    if you followed my instructions, the script location is /scripts/

    command in terminal:


    sudo rm -f /scripts/


    the launchdeamon sits /Library/LaunchDeamons/

    command for terminal:


    sudo rm -f /Library/LaunchDeamons/


    just delete these 2 files +

    /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.p list

    (1st Command listed above)

    as it would redownloaded from apple next time the mac reboots.




  • rickkkk Level 1 (0 points)

    Thanks Shirkan. I was guessing that was the case but didn't want to muck it up. I could handle OS 9 and earilier fairly well, but OS X is another animal for me.