2 Replies Latest reply: Mar 13, 2013 2:07 AM by Klaus1
Linda Metler Level 1 Level 1 (0 points)

I haven't been successful playing games at yahoo.com for several weeks now. Is there still a problem with Java? And what do I do about it?

Mac OS X (10.7.5)
  • MadMacs0 Level 5 Level 5 (4,470 points)

    Linda Metler wrote:


    I haven't been successful playing games at yahoo.com for several weeks now. Is there still a problem with Java? And what do I do about it?

    Sorry to be the barer of bad news, but I'm afraid there will always be a problem with use of Java in your browser, so I strongly suggest you find something new that doesn't require it.


    It's technically safe for OS X users at this moment, but every security expert in the universe right now is telling people to leave it disabled. There are several more vulnerabilities identified any one of which could be exploited in the next few minutes. Keep your eye on this site to see when the next one is discovered http://java-0day.com/.

  • Klaus1 Level 8 Level 8 (45,425 points)

    Apple barred Java from running on Macs in order to safeguard users by blocking Java 7 Update 11 and adding it to the banned list in XProtect.

    This was the second time in two weeks that Apple had blocked Oracle's code from running on Macs. The threat was so serious that the U.S. Department of Homeland Security had recommended that all Java 7 users disable or uninstall the software until a patch was issued. This time Java is blocked through Apple's XProtect anti-malware feature.

    Java has come under fire as the means by which hackers have been able to gain control of computers. In April 2012 more than 600,000 Macs were reported to have been infected with a Flashback Trojan horse that was being installed on people's computers with the help of Java exploits. Then in August Macs were again at risk due to a flaw in Java, this time around, there was good news for Mac users: Thanks to changes Apple has made, most of us were safe from the threat.


    Unwilling to leave its customers open to potential threats Apple decided it's safer to block Java entirely.

    In order to block older versions of Flash, Apple has updated its "Xprotect.plist" file so that any versions that come before the current one (version 11.6.602.171) cannot be used on a Mac. Users who have older versions of Flash installed will be greeted with an alert that says "Blocked plug-in," and Safari will prompt the user to update to a newer version.

    Macs running OS X Snow Leopard and beyond are affected.


    UPDATE for those running Lion or Mountain Lion:

    Oracle on Friday February 1 released a new version reportedly addressing vulnerabilities seen with the last build.

    Apple disabled Java 7 through the OS X XProtect anti-malware system, requiring users to have at least version "1.7.0_10-b19" installed on their Macs. The release dated February 1 carries the designation "1.7.0_13-b20," meeting Apple's requirements.


    Oracle "strongly recommends" applying the CPU fixes as soon as possible, saying that the latest Critical Patch Update contains 50 new security fixes across all Jave SE products.


    Update for Snow Leopard users:


    Apple issued update 12 for Java for OS 10.6:




    Note:  On systems that have not already installed Java for Mac OS X 10.6 update 9 or later, this update will configure web browsers to not automatically run Java applets. Java applets may be re-enabled by clicking the region labeled "Inactive plug-in" on a web page. If no applets have been run for an extended period of time, the Java web plug-in will deactivate.


    If, after installing Java for OS X 2013-002 and the latest version of Java 7 from Oracle, you want to disable Java 7 and re-enable the Apple-provided Java SE 6 web plug-in and Web Start functionality, follow these steps:


    Further update:


    Apple issued this Java related security update No. 13 on February 19:




    and Update No. 14 on March 4:  http://support.apple.com/kb/DL1573




    The standard recommendation is for users to turn off Java except when they have to use it on known and trusted websites (like their bank). Javascript, which is unrelated despite the name, can be left on.



    How to remove Java - and why:


    http://www.macworld.com/article/2028900/how-to-disable-java-on-your-mac.html#tk. nl_mwhelp