Apple Intelligence is now available on iPhone, iPad, and Mac!
📢 Newsroom Update
Apple unveils the new iMac with M4, supercharged by Apple Intelligence and available in fresh colors. Learn more >
Apple unveils the new iMac with M4, supercharged by Apple Intelligence and available in fresh colors. Learn more >
Hello,
I don't have Java installed yet but I need it temporarily.
Can having it installed pose a threat even if I only use .jar files I know are safe?
In other words, can an app that is already installed use Java without asking for permission?
Thank you!
macOS Sierra (10.12.6)
Thank you! Shall I use this version:
http://support.apple.com/downloads/DL1572/en_US/javaforosx.dmg
or really go to the Oracle website to get the latest version?
(I'm a bit sceptical about these "free" Oracle products...)
Yes, you can, when using Safari (other browsers untested). It requires installing Java, activating Java for browsers (the plugin), the activating it in the browser (Safari: Preferences > Websites > Java, keep it off for other websites, but allow it for specific/currently open sites (Ask/Off/On).
You can turn off Java in the System Preferences Pane at any time. You can turn off Java in the browser’s preferences at any time. You can turn on Java for local programs, but keep it off for internet. You can set ‘Enhanced Security Restrictions’. Quite flexible, just don’t keep it on because you forgot it.
The Java that Apple supplied (up to v6, now called Legacy) was not inherently safer than Oracle’s Java (v10 now); it needed the same security patches as other platforms. The cool thing about Java is that a programmer can easily ‘port’ their code to any platform that works with Java. The downside is the number of vulnerabilities found, designed to bypass security measures and execute arbitrary code on behalf of others (e.g. be part of a botnet).
There is no such thing as a safe site w.r.t. Java: the owner of the compromised site is generally a victim too. That makes the Allowed-list a bit awkward. That’s why there are Java certificates, a bit like SSL certificates and Mac identified developers, so that the authenticity can be verified with a ‘circle of trust’: once revoked, the certificate is revoked on every check from then on.
Shall I use this version: javaforosx.dmg or really go to the Oracle website to get the latest version?
One may work while the other does not, for what you intend to do.
If a developer codes a java applet, he or she will develop for a range of compatible Java versions (the more versions, the more difficult his work; just like a Mac app for a range of macOS versions). If what your applet needs is Java RE 6, then get the Apple version. If your applet needs Java RE 8 or later, then you will have to go with Oracle’s version.
I recommend using the Apple version, it has been vetted by Apple therefore there is no question about it's safety.
Assuming you install Java as supplied from Apple it should be safe. You can download it from https://support.apple.com/kb/dl1572?locale=en_US
Using Java temporarily safely
