
For those of you wanting to use Java in Safari - It was blocked today

postaled

Senior member
So Apple updated Xprotect again this morning and caused a bunch of angry teachers at work. Of course there isn't a new enough version of Java out yet to actually update to...


Not sure on a quicker fix than this but I deployed this to a thousand machines today to get grading going again for our teachers.

You can run this command with sudo to set the plugin version of Java low enough to run applets again. You can use the bundle version from Java 7U11 if you want, or just remove that plist entry altogether. I don't think that removing it is a good plan though, because then it allows you to run even more of the older exploitable versions as well.

This page has a fix for 10.6 and 10.7

https://jamfnation.jamfsoftware.com/discussion.html?id=6455


Code:
/usr/libexec/PlistBuddy -c "Set :PlugInBlacklist:10:com.oracle.java.JavaAppletPlugin:MinimumPlugInBundleVersion 1.7.10.19" /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

Not sure how many of you manage a lot of OS X machines, but this would have come in handy at about 8 this morning for me 🙂

EDIT: this is only a temp fix unless you stop Xprotect from updating automatically in your security preferences or through

Code:
defaults write /System/Library/LaunchDaemons/com.apple.xprotectupdater Disabled -bool yes
 
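An audit for fleets where the workaround above was deployed, added here as an example and not part of the original post: it reports whether the Java plug-in minimum at the key path from the post sits below the value you expect, or is gone, and whether the XProtect updater job carries the `Disabled` key. The function names, the sample plists and the expected minimum `1.7.12.0` are constructed for illustration.

```python
import plistlib

JAVA_PLUGIN = "com.oracle.java.JavaAppletPlugin"

# Constructed sample: XProtect.meta.plist after the workaround in the post
# (only the key path used in the post is modelled).
SAMPLE_META = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PlugInBlacklist</key><dict>
    <key>10</key><dict>
      <key>com.oracle.java.JavaAppletPlugin</key><dict>
        <key>MinimumPlugInBundleVersion</key><string>1.7.10.19</string>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

# Constructed sample: updater launchd plist after the `defaults write` in the post.
SAMPLE_UPDATER = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.xprotectupdater</string>
  <key>Disabled</key><true/>
</dict></plist>"""


def version_tuple(version, width=4):
    """Turn '1.7.10.19' into (1, 7, 10, 19), zero-padded for comparison."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def audit_java_minimum(meta_bytes, expected_min):
    """Return 'ok', 'lowered' or 'missing' for the Java plug-in entry."""
    meta = plistlib.loads(meta_bytes)
    entry = meta.get("PlugInBlacklist", {}).get("10", {}).get(JAVA_PLUGIN)
    if not entry or "MinimumPlugInBundleVersion" not in entry:
        return "missing"  # entry removed: no minimum version is enforced
    current = version_tuple(entry["MinimumPlugInBundleVersion"])
    return "ok" if current >= version_tuple(expected_min) else "lowered"


def updater_disabled(launchd_bytes):
    """True if the launchd job has Disabled set, so XProtect stops updating."""
    return bool(plistlib.loads(launchd_bytes).get("Disabled", False))


if __name__ == "__main__":
    # expected_min is a constructed value; use the one your fleet should enforce.
    print("java minimum:", audit_java_minimum(SAMPLE_META, "1.7.12.0"))
    print("updater disabled:", updater_disabled(SAMPLE_UPDATER))
```

On a managed Mac, pass the bytes of the two files named in the post instead of the samples; a result of `lowered`, `missing` or a disabled updater marks a machine that still needs the temporary fix reverted.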
A new Java release is finally out that plugs all of the outstanding security vulnerabilities.
 
Suuuure it does.
Well it's Oracle, so yeah, probably not.😛

But it fixes all known vulnerabilities, which means it should be safe for use now. Whereas I'm surprised it took Apple so long to block the previous version.
 
More like when you have thousands of users that depend on having it function in Safari.

I really can't understand how everyone overlooks the potential threat of the problem over the use of Java. Productivity or the safety of my bank details and user information... Hmm.
 
I really can't understand how everyone overlooks the potential threat of the problem over the use of Java. Productivity or the safety of my bank details and user information... Hmm.

Everything is vulnerable. How many countless exploits have there been over the years in Windows, IE, Firefox, MacOSX, Safari, Linux, apache, acrobat, cisco ... the list goes on and on and on.

You identify it, fix it and move on.
 
Everything is vulnerable. How many countless exploits have there been over the years in Windows, IE, Firefox, MacOSX, Safari, Linux, apache, acrobat, cisco ... the list goes on and on and on.

You identify it, fix it and move on.

Right, but usually when you fix it, you actually fix it, and don't open up whole new zero-day exploits. And that is the cycle that Oracle is currently in, for the last what... like 6 updates or more? Zero-day exploit comes out, Oracle pushes a patch, that new version then, in turn, gets exploited immediately. They are like the little Dutch boy trying to stop the dam from leaking, but they ran out of fingers a long time ago.
 