For those of you wanting to use Java in Safari - It was blocked today

postaled

So Apple updated XProtect again this morning and caused a bunch of angry teachers at work. Of course there isn't a new enough version of Java out yet to actually update to...


Not sure on a quicker fix than this but I deployed this to a thousand machines today to get grading going again for our teachers.

You can run this command with sudo to set the plugin version of Java to low enough to run applets again. You can use the bundle version from Java 7U11 if you want, or just remove that plist entry altogether. I don't think that removing it is a good plan though because then it allows you to run even more older exploitable versions as well.

This page has a fix for 10.6 and 10.7

https://jamfnation.jamfsoftware.com/discussion.html?id=6455


Code:
/usr/libexec/PlistBuddy -c "Set :PlugInBlacklist:10:com.oracle.java.JavaAppletPlugin:MinimumPlugInBundleVersion 1.7.10.19" /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

Not sure how many of you manage a lot of OS X machines, but this would have come in handy at about 8 this morning for me :)

EDIT: this is only a temp fix unless you stop XProtect from updating automatically in your security preferences or through

Code:
defaults write /System/Library/LaunchDaemons/com.apple.xprotectupdater Disabled -bool yes
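
Added example, not part of the original post: a fleet-audit sketch that reads the same key path the PlistBuddy command edits and reports hosts where the Java minimum was lowered or removed, or where the XProtect updater daemon is disabled. The function names, the `BASELINE` value and the sample plists are constructed for illustration.

```python
import plistlib

JAVA_ID = "com.oracle.java.JavaAppletPlugin"
# Constructed placeholder: substitute the minimum your fleet is meant to enforce.
BASELINE = "1.7.99.0"

def vtuple(version):
    """'1.7.10.19' -> (1, 7, 10, 19), so 10 sorts above 9 (string compare would not)."""
    return tuple(int(part) for part in version.split("."))

def audit_java_minimum(meta_bytes, baseline=BASELINE):
    """Return (status, value) for the Java entry in XProtect.meta.plist."""
    meta = plistlib.loads(meta_bytes)
    # Same key path the PlistBuddy command edits.
    entry = meta.get("PlugInBlacklist", {}).get("10", {}).get(JAVA_ID, {})
    found = entry.get("MinimumPlugInBundleVersion")
    if found is None:
        return ("MISSING", None)      # entry removed: no minimum enforced at all
    if vtuple(found) < vtuple(baseline):
        return ("LOWERED", found)     # minimum set below the fleet baseline
    return ("OK", found)

def updater_disabled(daemon_bytes):
    """True if the xprotectupdater LaunchDaemon plist carries Disabled = true."""
    return plistlib.loads(daemon_bytes).get("Disabled") is True

def sample_meta(version):
    """Constructed stand-in for XProtect.meta.plist (version=None drops the entry)."""
    java = {} if version is None else {JAVA_ID: {"MinimumPlugInBundleVersion": version}}
    return plistlib.dumps({"PlugInBlacklist": {"10": java}})

def sample_daemon(disabled):
    """Constructed stand-in for com.apple.xprotectupdater.plist."""
    return plistlib.dumps({"Label": "com.apple.xprotectupdater", "Disabled": disabled})

if __name__ == "__main__":
    for label, meta in [("as patched in the post", sample_meta("1.7.10.19")),
                        ("entry removed", sample_meta(None)),
                        ("at baseline", sample_meta(BASELINE))]:
        print(label, audit_java_minimum(meta))
    print("updater disabled:", updater_disabled(sample_daemon(True)))
```

On a managed Mac, pass the raw bytes of the two plist files named in the post instead of the constructed samples.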
 

ViRGE

A new Java release is finally out that plugs all of the outstanding security vulnerabilities.
 

ViRGE

Suuuure it does.
Well it's Oracle, so yeah, probably not. :p

But it fixes all known vulnerabilities, which means it should be safe for use now. Whereas I'm surprised it took Apple so long to block the previous version.
 

joshhedge

More like when you have thousands of users that depend on having it function in Safari.

I really can't understand how everyone overlooks the potential threat of the problem over the use of Java. Productivity or the safety of my bank details and user information... Hmm.
 

Tequila

I really can't understand how everyone overlooks the potential threat of the problem over the use of Java. Productivity or the safety of my bank details and user information... Hmm.

Everything is vulnerable. How many countless exploits have there been over the years in Windows, IE, Firefox, Mac OS X, Safari, Linux, Apache, Acrobat, Cisco... the list goes on and on and on.

You identify it, fix it and move on.
 

TheStu

Everything is vulnerable. How many countless exploits have there been over the years in Windows, IE, Firefox, Mac OS X, Safari, Linux, Apache, Acrobat, Cisco... the list goes on and on and on.

You identify it, fix it and move on.

Right, but usually when you fix it, you actually fix it, and don't open up whole new zero-day exploits. And that is the cycle that Oracle is currently in, for the last what... like 6 updates or more? Zero-day exploit comes out, Oracle pushes a patch, that new version then, in turn, gets exploited immediately. They are like the little Dutch boy trying to stop the dam from leaking, but they ran out of fingers a long time ago.