Apple-provided Java plug-in removed with software update

Posted:
in Mac Software edited January 2014
Apple on Tuesday rolled out two Java updates, one for OS X 10.6 Snow Leopard and another for OS X 10.7 Lion and OS X 10.8 Mountain Lion, the latter offering improved security by uninstalling the Apple-provided Java applet plug-in from all web browsers.

Java Update


Tuesday's update for OS X Lion and Mountain Lion goes further and removes the Apple-built Java plug-in from all web browsers, forcing users to download the latest version curated directly by Oracle.

The move is the next step in Apple's plan to deprecate maintenance of its own Java runtime, which was announced in 2010. Apple subsequently dropped Java from OS X 10.7 Lion and placed the burden of future development on the OpenJDK community.

Both of today's updates are continuations of patches issued in June and September, which brought Java SE 6 to newer runtime versions, and disabled the plug-in by default upon installation. Those updates also configured the plug-in to deactivate when associated applets were not run for an extended period of time.

Java for OS X 2012-006

Lion Update


From the release notes:
Java for OS X 2012-006 1.0

Java for OS X 2012-006 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_37.

This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled "Missing plug-in" to go download the latest version of the Java applet plug-in from Oracle.

Please quit any web browsers and Java applications before installing this update.
Apple's update for Lion and Mountain Lion weighs in at 67.2B and can be downloaded via the Mac App Store or Apple's Support Downloads webpage.

Java for Mac OS X 10.6 Update 11

Snow Leopard Update


From the release notes:
About Java for Mac OS X 10.6 Update 11

Java for Mac OS X 10.6 Update 11 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_37.

On systems that have not already installed Java for Mac OS X 10.6 update 9 or later, this update will configure web browsers to not automatically run Java applets. Java applets may be re-enabled by clicking the region labeled "Inactive plug-in" on a web page. If no applets have been run for an extended period of time, the Java web plug-in will deactivate.

Please quit any web browsers and Java applications before installing this update.
The Java update for Snow Leopard comes in at 81.9MB and can be downloaded via Software Update or Apple's Support Downloads webpage.
«1

Comments

  • Reply 1 of 29
    Not seeing it yet.
  • Reply 2 of 29
    tylerk36tylerk36 Posts: 1,037member


    6:52pm west coast.  Not seeing it.  Software update.  Nothing.  It is on Apple support web site though.

  • Reply 3 of 29
    crankycranky Posts: 163member


    9:06 p.m. central - downloading now.

  • Reply 4 of 29
    john.bjohn.b Posts: 2,716member


    Not seeing it yet here either (9:11 pm Flyover Standard Time), but I'm glad to see it's coming:  http://support.apple.com/kb/HT5493


     


    When basically all major OS X security vulnerabilities today come from Java, its time to re-evaluate that relationship.  This way, the only people affected will be the few who intentionally seek out Java to support specific applications.

  • Reply 5 of 29
    v5vv5v Posts: 1,357member

    Quote:

    Originally Posted by John.B View Post



    When basically all major OS X security vulnerabilities today come from Java, its time to re-evaluate that relationship.  This way, the only people affected will be the few who intentionally seek out Java to support specific applications.


     


    Like Photoshop!  Or was it Illustrator?  One of the two.  Stupid Adobe.

  • Reply 6 of 29
    bappobappo Posts: 24member
    >> Apple subsequently dropped Java from OS X 10.7 Lion and placed the burden of future
    >> development on the OpenJDK community.

    This is not fair toward the Apple team; Apple entered the OpenJDK community, and did not placed the burden to external entities only !! The Apple team is an integral part of the OpenJDK, and they are contributing interesting technologies to Java, like an OpenGL based graphic pipeline.

    Bappo
  • Reply 7 of 29
    john.bjohn.b Posts: 2,716member

    Quote:

    Originally Posted by v5v View Post


    Like Photoshop!  Or was it Illustrator?  One of the two.  Stupid Adobe.



     


    What the f*** does that have to do with whether or nor Apple distributes a Java web browser plug-in with every copy of OS X?


     


    Context fail, much?

  • Reply 8 of 29
    bageljoeybageljoey Posts: 1,742member


    WOW!  They are getting very efficient with their programming!


     


    Quote:


    Originally Posted by AppleInsider View Post



    Apple's update for Lion and Mountain Lion weighs in at 67.2B and can be downloaded via the Mac App Store or Apple's Support Downloads webpage.


     


  • Reply 9 of 29
    Chrome users, beware before applying this update! Oracle distributes only 64-bit version of Java, so it won't work in Chrome. This is clearly stated on the download webpage at: http://java.com/en/download/mac_download.jsp
  • Reply 10 of 29
    v5vv5v Posts: 1,357member

    Quote:

    Originally Posted by John.B View Post


     


    What the f*** does that have to do with whether or nor Apple distributes a Java web browser plug-in with every copy of OS X?



     


    Nothing the f***.  It has to do with Adobe CS6 apps requiring installation of a Java runtime.  Java support has implications beyond just browser applets.

  • Reply 11 of 29
    Could someone explain to me how the Mountain Lion update for Java updates Java to 1.6.0_37, while at the same time removing it (and requiring Java 7 to be installed from Oracle's site)?
  • Reply 12 of 29
    dysamoriadysamoria Posts: 1,884member
    I didn't really get that myself.
  • Reply 13 of 29
    auxioauxio Posts: 1,945member

    Quote:

    Originally Posted by Kermit262 View Post



    Could someone explain to me how the Mountain Lion update for Java updates Java to 1.6.0_37, while at the same time removing it (and requiring Java 7 to be installed from Oracle's site)?


     


    It looks to me like the update just removes the Java web browser plugin, not the Java runtime (JRE).  The latter is what's used to run Java-based desktop applications.  It looks like it actually updates the JRE, which is why it's so large.


     


    If that's the case, then the discussion about Adobe CS is moot -- it shouldn't be affected since it's made up of desktop applications.


     


    The thinking here, I believe, is that almost all of the security holes in Java are exploited via the web (trojan websites, etc).  It's much more difficult to get someone to download, install, and run an application, than it is to just get them to browse to a website.


     


    So by forcing people to use the Oracle version of the Java web browser plugin (which has security holes fixed more quickly than Apple's version), but keeping Apple's version of the JRE on the system so that Java-based desktop applications can continue to be used without interruption, you eliminate the vast majority of security exploits without too much hassle.

  • Reply 14 of 29

    Quote:

    Originally Posted by auxio View Post


     


    It looks to me like the update just removes the Java web browser plugin, not the Java runtime (JRE).  The latter is what's used to run Java-based desktop applications.  It looks like it actually updates the JRE, which is why it's so large.


     


    If that's the case, then the discussion about Adobe CS is moot -- it shouldn't be affected since it's made up of desktop applications.


     


    The thinking here, I believe, is that almost all of the security holes in Java are exploited via the web (trojan websites, etc).  It's much more difficult to get someone to download, install, and run an application, than it is to just get them to browse to a website.


     


    So by forcing people to use the Oracle version of the Java web browser plugin (which has security holes fixed more quickly than Apple's version), but keeping Apple's version of the JRE on the system so that Java-based desktop applications can continue to be used without interruption, you eliminate the vast majority of security exploits without too much hassle.



    Excellent. Thanks. I also discovered that even though the release notes say that the Java Preferences are removed (and indeed, looking in the Utilities folder you will no longer see Java Preferences) you can do a system search for "Java Preferences" and still get access to it. Although now the functionality is limited to enabling or disabling Java:


     


  • Reply 15 of 29
    rob53rob53 Posts: 1,949member


    Well, this is the second time I've tried using Oracle's Java plugin and it's failed to operate both times. I ran the Apple updater and it installs the Java 7 plugin. I used the java.com test page to download and install the plugin but it just keeps spinning, meaning there's something wrong with the installation. I was able to back out to Java 6 following their instructions. 


     


    Has anyone been able to get this to install and run the version verification page form Java?

  • Reply 16 of 29


    I was able to download and install Java 7 from Oracle with no problem.

  • Reply 17 of 29
    rob53rob53 Posts: 1,949member


    I tried installing again and the Java Preference utility was deleted by the installation. Went to the Java test page and it says it's missing the plug-in so I clicked on it to install it. (Checked /Library/Internet Plug-Ins and there is a link to the JavaAppletPlugin.plugin) Clicking More Info to download the plugin put me on a second page where I pressed the Agree button. This downloads the plugin without any authentication request. Quit Safari and tried again. Still says Missing Plug-in. I have Open safe files after downloading unchecked so it never installed it. The Oracle Java page assumes this box is checked, something every security guide says to uncheck. So, my original post was wrong and I never installed Java 7. This puts the Java preference pane in and testing the Java version finally works. Oracle needs to revise their download page so it doesn't say the plugin is automatically installed. So far, my initial testing of sites I know use Java are working but a banking site (mortgage calculator) didn't work previously so I'll need to try and find it to see if it actually works. For some reason, an alias/link for java and my boot drive showed up on the desktop. Not sure why. The entire Java package is now in the /Library/Internet Plug-Ins folder as a bundled app named JavaAppletPlugin.plugin. The original Java 6 is still in /System/Library/Java.

  • Reply 18 of 29


    Ugh! I'm waiting for the phone calls from my various clients now... They use ZipForm Online, which exclusively uses Java! Before anyone starts by saying how easy it is to fix this problem, you've never been a computer consultant before!

  • Reply 19 of 29
    v5vv5v Posts: 1,357member

    Quote:

    Originally Posted by auxio View Post


    It looks to me like the update just removes the Java web browser plugin, not the Java runtime (JRE).  The latter is what's used to run Java-based desktop applications.  It looks like it actually updates the JRE, which is why it's so large.


     


    If that's the case, then the discussion about Adobe CS is moot -- it shouldn't be affected since it's made up of desktop applications.



     


    Right, like you said, it SHOULDN'T be affected, but it wouldn't be the first time a "fix" for one issue wound up being an accidental "broken" somewhere else. :)


     


    I just found it interesting that of the three Macs I use regularly, only the one with Adobe CS apps installed even needs a Java runtime.  The other two don't have Java installed at all, neither runtime nor browser plug-in, and after two months I have yet to notice it's gone.  Does Photoshop's dependance on Java say anything about the quality of the programming, or is it a normal practice I just wouldn't have noticed if Apple hadn't quit developing their own version?

  • Reply 20 of 29
    sensisensi Posts: 346member
    john.b wrote: »
    When basically all major OS X security vulnerabilities today come from Java, its time to re-evaluate that relationship. 
    Vulnerabilities come from Apple taking months to update its own bundled version of Java... The current version for Mac from Oracle is Java 7 version 1.7.0_06 ...
Sign In or Register to comment.