Apple again blocks latest version of Java through OS X anti-malware system

Posted:
in macOS edited January 2014
The recently released Java 7 Update 11 has been blocked by Apple through its XProtect anti-malware feature in OS X.

Java


Oracle issued the latest update to Java earlier this month to fix a serious zero-day security flaw. The threat was so serious that the U.S. Department of Homeland Security had recommended that all Java 7 users disable or uninstall the software until a patch was issued.

Apple took action on its own and quietly disabled the plugin through its OS X anti-malware system. And as noted by MacGeneration on Thursday, Apple has again updated its OS X XProtect list, this time to block Java 7 Update 11.

Because Oracle has yet to issue a newer version of Java that addresses any outstanding issues, Mac users are prevented from running Java on their system.

Over the last few years, Apple has moved to gradually remove Java from OS X. The Mac maker dropped the Java runtime from the default installation for OS X 10.7 Lion when the operating system update launched in 2010. Java vulnerabilities have been a common exploit used by malicious hackers looking to exploit the OS X platform.

Most notably, the "Flashback" trojan that spread last year was said to have infected as many as 600,000 Macs worldwide at its peak. Apple addressed the issue by releasing a removal tool specifically tailored for the malware, and also disabled the Java runtime in its Safari web browser starting with version 5.1.7.
«13

Comments

  • Reply 1 of 49
    lkrupplkrupp Posts: 9,277member
    I completely understand that Apple is acting to protect the vast majority of its users, users who have no idea what Java is or even if they have it installed.

    But shouldn't they also have an option for users who know the risks but want Java anyway, an option to allow the installation of the plugin?
  • Reply 2 of 49
    philboogiephilboogie Posts: 7,671member
    Good for you Apple. May it go the ways Flash is going. Or has, I actually don't know.
  • Reply 3 of 49
    Not Apple's style (to allow workarounds). Not judging whether that's good or bad. As an individual user I'd like the option but as an IT administrator responsible for Windows computers I see the challenges everyday of trying to walk people through workarounds and then fixes for their workarounds.
  • Reply 4 of 49

    Quote:

    Originally Posted by ddawson100 View Post



    Not Apple's style (to allow workarounds). Not judging whether that's good or bad. As an individual user I'd like the option but as an IT administrator responsible for Windows computers I see the challenges everyday of trying to walk people through workarounds and then fixes for their workarounds.


    Can't you install the needed plug-ins yourself? Or has Apple now completely disallowed it on OS altogether?

  • Reply 5 of 49
    asciiascii Posts: 5,941member
    I think the disallow list only works for certain browsers, the workaround is to use a third party browser.
  • Reply 6 of 49
    macxpressmacxpress Posts: 5,159member
    I know Apple is looking out for us, but for some instances its kind of a pain in the ass that they keep disabling Java. I work in a school and were doing student assessment state testing and the program is Java based. It creates major havoc as testing has to go on right now. This isn't something that can be delayed just because there's an exploit.

    I'm going to assume I can just use ARD to re-enable it through a Unix command.
  • Reply 7 of 49
    If these is really the runtime (JRE), this is very bad news. If it is the crappy plugin, it is quite good news.

    In the first case, we can safely predict that very soon, Mac as well as Windows will only allow you to run Apple-signed software. Great.
    I can't say how unhappy I would be to see these developments.
  • Reply 8 of 49
    This really sucks for schools lots of online skill building software such as Reading Plus is written in java. Yes, these programs are never pretty but they are cross-platform and they generally achieve their educational objectives, school teachers have enough challenges Apple, in the words of Tracy Morgan "FIX IT", and stop playing corporate politics with kids.
  • Reply 9 of 49

    Quote:

    Originally Posted by lightknight View Post



    If these is really the runtime (JRE), this is very bad news. If it is the crappy plugin, it is quite good news.



    In the first case, we can safely predict that very soon, Mac as well as Windows will only allow you to run Apple-signed software. Great.

    I can't say how unhappy I would be to see these developments.


     


    It's only the plugin, you can put your tinfoil hat and pitchforks away.  


     


    If Apple completely disabled Java you would hear the cries many many kids as they found out that Minecraft no longer works on their Macs.  As I can tell by looking around my own house, that is most certainly not the case.

  • Reply 10 of 49
    john.bjohn.b Posts: 2,740member


    Folks, this only affects the Java browser plug-in and only in Safari.


     


    Stand-alone Java still works fine for those of that persuasion.


    Quote:

    Originally Posted by ddawson100 View Post



    Not Apple's style (to allow workarounds). Not judging whether that's good or bad. As an individual user I'd like the option but as an IT administrator responsible for Windows computers I see the challenges everyday of trying to walk people through workarounds and then fixes for their workarounds.


     


    The "workaround" is to simply use a different browser than Safari.  Easy peasy.

  • Reply 11 of 49
    asciiascii Posts: 5,941member

    Quote:

    Originally Posted by phasornc View Post



    This really sucks for schools lots of online skill building software such as Reading Plus is written in java. Yes, these programs are never pretty but they are cross-platform and they generally achieve their educational objectives, school teachers have enough challenges Apple, in the words of Tracy Morgan "FIX IT", and stop playing corporate politics with kids.


    It's not corporate politics, Apple and Oracle get along fine, Steve Jobs and Larry Ellison used to be close friends. They are just trying to stop another Flashback epidemic.


     


    If you want to blame somebody, blame your educational software vendor for choosing an insecure platform on which to base their product. I mean come on, it's been insecure for years, they can't claim they didn't know. They most likely chose it because it was cross-platform and therefore would save them development costs, and that factor overrode their concern for end user security.

  • Reply 12 of 49
    gazoobeegazoobee Posts: 3,754member

    Quote:

    Originally Posted by macxpress View Post



    I know Apple is looking out for us, but for some instances its kind of a pain in the ass that they keep disabling Java. I work in a school and were doing student assessment state testing and the program is Java based. It creates major havoc as testing has to go on right now. This isn't something that can be delayed just because there's an exploit.



    I'm going to assume I can just use ARD to re-enable it through a Unix command.


     


    Yeah, but this is exactly one of those areas when you shouldn't be using a Java based program.  In a school situation, you are legally responsible for that information. You can be sued.  You can even attract criminal charges if something happens to the students info.  It's a very sensitive area. 


     


    School is the very last place that Java should be used.  

  • Reply 13 of 49
    gazoobeegazoobee Posts: 3,754member

    Quote:

    Originally Posted by phasornc View Post



    This really sucks for schools lots of online skill building software such as Reading Plus is written in java. Yes, these programs are never pretty but they are cross-platform and they generally achieve their educational objectives, school teachers have enough challenges Apple, in the words of Tracy Morgan "FIX IT", and stop playing corporate politics with kids.


     


    Your the one that's screwing over "the kids."  How anyone could think using Java in a school situation was an okay thing to do I just don't understand.  

  • Reply 14 of 49
    Some of us still use Snow Leopard, you know!

    This has affected my team's work today. We rely on using a Java applet to do our work. We have resorted to using a Windows 7 VM!

    By the way, it is NOT just Safari. Firefox is affected too.

    Apple, please sort it out.
  • Reply 15 of 49
    macxpressmacxpress Posts: 5,159member

    Quote:

    Originally Posted by Gazoobee View Post


     


    Yeah, but this is exactly one of those areas when you shouldn't be using a Java based program.  In a school situation, you are legally responsible for that information. You can be sued.  You can even attract criminal charges if something happens to the students info.  It's a very sensitive area. 


     


    School is the very last place that Java should be used.  



     


    We don't make the program....were just told to use it and its a program approved by the State Education Department. BTW...thanks for the legal advice!

  • Reply 16 of 49
    neilmneilm Posts: 893member


    The term "Bag of hurt" comes to mind with respect to Java.

  • Reply 17 of 49
    macxpressmacxpress Posts: 5,159member

    Quote:

    Originally Posted by Gazoobee View Post


     


    Your the one that's screwing over "the kids."  How anyone could think using Java in a school situation was an okay thing to do I just don't understand.  



     


    You obviously don't understand what its like to work in an educational environment. You don't always have choices in the matter. If its something you're mandated to do (and use) then how can you blame the school? In some instances, you do what you're told. 


     


    There are a lot of Java based educational apps for the Mac. In some cases its how they make platform independent educational apps. 

  • Reply 18 of 49
    john.bjohn.b Posts: 2,740member

    Quote:

    Originally Posted by maffk View Post



    Some of us still use Snow Leopard, you know!



    This has affected my team's work today. We rely on using a Java applet to do our work. We have resorted to using a Windows 7 VM!



    By the way, it is NOT just Safari. Firefox is affected too.



    Apple, please sort it out.


     


    Firefox is taking their own approach to this:  http://arstechnica.com/security/2013/01/firefox-to-block-content-based-on-java-reader-and-silverlight/

  • Reply 19 of 49
    welshdogwelshdog Posts: 1,757member

    Quote:

    Originally Posted by phasornc View Post



    in the words of Tracy Morgan "FIX IT"


    If you are referring to the SNL sketch where the guy yells "FIX IT", that is Kenan Thompson, not Tracy Morgan.

  • Reply 20 of 49

    Quote:

    Originally Posted by phasornc View Post



    This really sucks for schools lots of online skill building software such as Reading Plus is written in java. Yes, these programs are never pretty but they are cross-platform and they generally achieve their educational objectives, school teachers have enough challenges Apple, in the words of Tracy Morgan "FIX IT", and stop playing corporate politics with kids.


    Couldn't agree more.


     


    I need plug-ins quite often for our corporate VPN, for Adobe Connect, etc. (Right now, I am using Firefox -- in full privacy mode, so that nothing is stored anywhere -- for this).

Sign In or Register to comment.