Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Angers Mac Users With Silent Shutdown of Java 7

Posted by samzenpus on from the a-thief-in-the-night dept.

An anonymous reader writes in with news of the continuing saga of Java patches and exploits. "If you're a Mac user who suddenly can't access websites or run applications that rely on Java, you're not alone. For the second time in a month, Apple has silently blocked the latest version of Java 7 from running on OS X 10.6 Snow Leopard or higher via its XProtect anti-malware tool. Apple hasn't issued any official statements advising users of the change or its reasons, but it's a safe bet that the company has deemed Oracle's most recent update to Java insecure. That's why the company stealthily disabled Java on Macs back on Jan. 10, the same day a Java vulnerability was being exploited in the wild."

57 of 451 comments (clear)

  1. Run Linux by Anonymous Coward · · Score: 5, Funny

    If you ran Linux you wouldn't have to worry about software not being able to run.

    1. Re:Run Linux by MrEricSir · · Score: 3, Funny

      If you ran Linux you wouldn't have to worry about software not being able to run.

      10/10. This is how proper trolling is done.

      --
      There's no -1 for "I don't get it."
    2. Re:Run Linux by vlm · · Score: 2

      It should not be the case but lets face reality here there thousands of Java applications out there that only work correctly on specific platform releases. If you depend on these and your main system is a Mac you might be really screwed by this.

      Here let me help summarize

      It should not be the case but lets face reality here there thousands of Java applications out there that only work correctly on specific platform releases. If you depend on these ... you might be really screwed....

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    3. Re:Run Linux by dririan · · Score: 5, Informative

      Almost all of the plugins are soft blocked. They'll be automatically disabled when you start Fx, but you can easily re-enable them without patching or updating anything. In fact, the same dialog that tells you about the soft block lets you uncheck "Disable" to prevent it from being disabled. Very nearly all plugins that are blacklisted are soft blocked. Their criteria for hard blocking plugins (which means the plugin cannot be re-enabled) is that the plugin either "is malicious" or "a soft-block will not resolve the issue in question, such as a start-up crash". See Mozilla's wiki for more information, especially the sections "A High Bar", "Block Conditions", and "Block Severity".

      Please don't spread misinformation and FUD about Mozilla's blocklisting when it really is done properly.

    4. Re:Run Linux by Anonymous Coward · · Score: 3, Funny

      If you ran Linux you wouldn't have to worry about software not being able to run.

      10/10. This is how proper trolling is done.

      If you ran Linux you would have no idea what it's like to experience the mysterious wonders of the malware world. Do you even know what it feels like to have a fuckin' sweeeet .dll hack invade your inner workings? I'll bet not. Like gettin' head from a porn star while smokin' blunts these days...they're so damn smooth, especially the Chinese. You hardly feel it.

      A fast personal computer is a terrible thing to waste. - Anonymous Botnet Operator

      (And THAT is how a proper troll response is done.)

    5. Re:Run Linux by kenh · · Score: 2

      Or Windows. This is the result of a decision made by Apple Corp. to make this happen.

      This came just as several hundred school teachers in my district were sitting down to enter grades into their Infinite Campus gradebooks at the end of the marking period. Apple's decision is playing havoc with their ability to use this Java-based application on their Apple MacBook Pros.

      --
      Ken
    6. Re:Run Linux by smash · · Score: 4, Insightful

      In the past 15 years, I've personally dealt with more rooted Linux boxes than rooted Windows servers. Sure, the Linux boxes are probably more exposed to teh internet, but to claim that if you run/deal with Linux you're never likely to experience malware is a bit of a reach.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    7. Re:Run Linux by JDG1980 · · Score: 2

      Translation: Firefox provides secure behavior by default; if you want to do insecure stuff with plugins, you can, but you have to explicitly tell it so in the configuration settings.

      Why is this a problem?

  2. Old News by swimboy · · Score: 5, Informative

    Update 13 is already out, and *not* blocked by Apple. All that's blocked are the old, insecure (well, more insecure) versions.

    --
    Ask me how the Heisenberg Principle may or may not have saved my life.
    1. Re:Old News by turkeyfeathers · · Score: 2

      Not blocked... yet.

    2. Re:Old News by exomondo · · Score: 4, Interesting

      If there are security vulnerabilities discovered in update 13 then it will likely be blocked as well.

      So why don't they block older versions of their operating systems when they have vulnerabilities? That one in iOS where you could root the device from a website was pretty severe, seems if their goal is protecting the user from malicious software they probably should have blocked that from the app store and other services until the users updated.

    3. Re:Old News by msauve · · Score: 4, Funny

      "Today, we celebrate the first glorious anniversary of the Information Purification Directives. We have created, for the first time in all history, a garden of pure ideologyâ"where each worker may bloom, secure from the pests purveying contradictory truths. Our Unification of Thoughts is more powerful a weapon than any fleet or army on earth. We are one people, with one will, one resolve, one cause. Our enemies shall talk themselves to death, and we will bury them with their own confusion. We shall prevail!" - Apple

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    4. Re:Old News by R.Mo_Robert · · Score: 5, Informative

      I am not stupid and know how to disable it for web browsing, but many apps use older java versions.

      First, I'm not sure why Slashdot chose to run this article as opposed to any of dozens of others that actually explain the situation better, not that it matters because nobody reads them. Apple is not blocking Java applications. They are blocking only the plug-in. Further, from what I've read, they were not blocking Java 6, only insecure (well, more insecure) versions of Java 7 applets. Additionally, you can get around this with just about any Web browser besides Safari. Finally, at the moment, at least, the latest version of the plug-in is once again perfectly capable of running.

      For competent reporting on this subject, see, among others, the MacRumors article about the most recent block.

      --
      R.Mo
  3. Oh no, I can't run Java applets?! by MrEricSir · · Score: 5, Funny

    Without Java applets, my plan to time travel back to 1997 and surf the web is completely ruined!

    --
    There's no -1 for "I don't get it."
  4. Re:Good for them. by Anonymous Coward · · Score: 5, Funny

    This is why I run GNU Hurd, the only truly free operating system, on my Lemote Yeeloong. My freedom is incredible. I can run ls and cat and EVERYTHING. I look forward to support for manpages in 2017.

  5. Re:I sure the EULA will tell me I cant do anything by SteveTheNewbie · · Score: 5, Informative

    You do realise you can disable this right?

    https://discussions.apple.com/thread/4762386?start=0&tstart=0

    Quite amazing what a google search for 'disable XProtect' turns up..

  6. Re:Good for them. by kthreadd · · Score: 4, Interesting

    Ehm, doesn't Firefox also block vulnerable versions of Java? I guess maybe they are fascist as well.

  7. Re:I sure the EULA will tell me I cant do anything by dugancent · · Score: 2

    It's monitoring in the same sense that antivirus software is monitoring.

    --
    SJWs are the new boogeyman. -Me
  8. Re:Good by Colonel+Korn · · Score: 5, Informative

    Java... free. VirtualBox... free. Oracle Linux... free. How can you say they're greedy?

    On Windows, Java installs the Ask Toolbar (for now - other times it installs other shit) every time it updates to a new version unless the user realizes Oracle is a two bit hole in the wall company and unchecks the default boxes to opt out. That's greedy. To an even greater extent that's sleazy and just...trashy.

    --
    "I zero-index my hamsters" - Willtor (147206)
  9. Re:Good for them. by tysonedwards · · Score: 4, Interesting

    Let's not let the facts get in our way.

    --
    Thirty four characters live here.
  10. Re:This Mac user not angered. by kthreadd · · Score: 3, Informative

    There is very little reason to offer such option since users should not use vulnerable versions of plugins. The plugin vendor should fix the problem and update the plugin.

  11. Re:Good for them. by Anonymous Coward · · Score: 5, Informative

    a) it's old news
    b) both the Java 7 (from Oracle) and Java 6 (from Apple) updates that address this are already out . Is the new motto Recycling obselete news that matters ;)
    c) if you want to opt out from Xprotect, how to guides abound
    d)it's the Safari plugin only - other browsers are not effected
    e) Apple have pulled the trigger on Xprotect maybe 4 times in 3 years, its not like they are shotgunning

    The vulnerabilities from Java 7 were hideously large, and Apple probably did the right thing for the 99 percent who don't know any better. Driveby root access isn't all that fun for the target.

    The 1 percent who care, can disable Xprotect temporarily if they want to.

    For anyone in between, they could always use another browser.

    If you are using a Mac , you are not generally the IT equivalent of a Yukon Frontiersman

  12. Wow... Apple can't catch a break... by thestudio_bob · · Score: 5, Insightful

    Wow... Apple can't catch a break... You know damn well people would be bitching if they hadn't done this... Apple Fails To Disable Java 7. Millions of Macs Vulnerable. News at 11.

    --
    The real Sig captains the Northwestern. This one captains /.
    1. Re:Wow... Apple can't catch a break... by Phelony · · Score: 3, Insightful

      *Apple* fails to disable Java so Macs are vulnerable? So Oracle is not responsible for Java making Macs vulnerable??? It's Apple's fault??? Huh???

    2. Re:Wow... Apple can't catch a break... by smash · · Score: 2, Informative

      In slashdot groupthink, yes.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    3. Re:Wow... Apple can't catch a break... by jo_ham · · Score: 2

      *Apple* fails to disable Java so Macs are vulnerable?

      So Oracle is not responsible for Java making Macs vulnerable??? It's Apple's fault???

      Huh???

      That's exactly what happened when Apple decided to stop shipping a Java VM by default with OS X, instead falling back to the position that every other OS uses - that if you need it, you get it from Oracle. That didn't stop slashdot frothing about how Apple was "killing Java" and "taking it away from Mac users" when it was really the opposite - shipping and updating their own version meant that the Mac version was always behind the current release, especially with bug fixes. Leaving it to Oracle meant it was better for everyone.

      Just look at the way the driveby jailbreaking exploit was reported. It wasn't "Apple fixes exploit that allows remote root access on iOS" it was "Apple closes hole that allows people to Jailbreak" while simultaneously hammering Apple for relying on security through obscurity in their products.

  13. Re:Good for them. by countach · · Score: 5, Informative

    Two issues. Firstly Apple didn't just disable web applets. They disabled Java Web Start too, so whole corporations and government departments are suddently shut down. Secondly, they didn't provide any announcement, or a gui tool to re-enable at your own risk. It was just nuke everyone in silence.

  14. Re:Good by bearded_yak · · Score: 2

    ...Oracle [...] unchecks the default boxes to opt out. That's greedy. To an even greater extent that's sleazy and just...trashy.

    Thank you! It's amazing how many customers bring in their computers for a tuneup who have no idea how they got the Ask toolbar. Granted it is just as much the user's fault for not reading, but at the same time, the user puts a lot of trust in such a major-name product and shouldn't have to worry about having something slipped by them.

  15. Re:I'm Pretty Sure They Just Needed An Excuse by FreakyGeeky · · Score: 5, Informative

    Your information is woefully out of date. Oracle is where you get Java for OS X, and it's been that way for a couple years.

  16. Still not working on 10.6 by g1powermac · · Score: 4, Informative

    The summary is incorrect with saying Apple blocked Java 7 on 10.6. Actually, Snow Leopard can't run the new Java from Oracle, it can only run the Apple version of it which is still the 6 series. With this last round of blocking, Apple also blocked their own version on Snow Leopard and Apple has not yet released an update for it last time I checked. Now, in my opinion, this whole blocking thing without notice was extremely unprofessional and made me disappointed in Apple, and that's coming from a Mac fan. I got hit with it the other day and spent hours trying to figure out why in the world Java wasn't working on my machines. Ended up finding a work around editing a .plist file using a console text editor. Definitely not a solution for anyone not familiar with the command line.

  17. Re:Good by Anonymous Coward · · Score: 3, Funny

    maybe

  18. Re:I sure the EULA will tell me I cant do anything by Kjella · · Score: 2

    Depends on how it works, if it sends a list of installed software to Apple to check it's bad, but if it downloads a list of plugin signatures to disable because they're outdated and insecure that's not any worse or different than the antivirus downloading virus signatures. I don't see the privacy implications of that, would you elaborate?

    --
    Live today, because you never know what tomorrow brings
  19. Re:Larry Ellision by Anonymous Coward · · Score: 2, Insightful

    Is worse than Hitler.

    Goodwin was an optimist.

  20. Re:Good for them. by sjames · · Score: 3, Informative

    Firefox implemented 'click to play' for Java, Silverlight, and Flash. That just means that it only runs them is the user specifically requests it. There's a big difference between blocking outright and suggesting strongly not running it and then letting the user decide.

  21. Re:I sure the EULA will tell me I cant do anything by gnasher719 · · Score: 5, Informative

    Depends on how it works, if it sends a list of installed software to Apple to check it's bad, but if it downloads a list of plugin signatures to disable because they're outdated and insecure that's not any worse or different than the antivirus downloading virus signatures. I don't see the privacy implications of that, would you elaborate?

    Apple has been using a blacklist that is updated daily to stop dangerous software from running. It is mostly used against trojans, but also to block Java running as a Safari plugin, which has some rather serious exploits (basically, an applet can replace the default Java security manager with its own, and from then on anything goes), _and_ it is known that these exploits are actually for sale.

    So there are no privacy problems whatsoever, and while blocking Java applets might be annoying, the alternative would be highly dangerous. By the way, Oracle has released a new software version fixing about 50 security problems, which is not blocked.

  22. Re:Good for them. by mug+funky · · Score: 5, Funny

    i love the Hurd logo - representing all 4 of it's users.

  23. Re:I sure the EULA will tell me I cant do anything by exomondo · · Score: 3, Informative

    again, If i run a 3rd party monitoring system, I allowed them into my system. If this is on by default, then I am not sure I am ok with this..

    It's updating a blacklist because people have auto-update on, nothing more. You are not 'allowing them into your system'.

    What if apple decides one day that they dont want YY running on macs anymore

    That would obviously be pointless given the only thing going on here is updating a blacklist - which is editable by the user - when automatic update is on. So clearly if they were to do that for some reason then the information would be disseminated pretty damn quickly about the simple fix to avoid it.

  24. Re:Good by maxwell+demon · · Score: 2

    You know, if you xor the file with the right key, you'll get a text demanding your soul and your first-born. :-)

    --
    The Tao of math: The numbers you can count are not the real numbers.
  25. Re:Good for them. by PopeRatzo · · Score: 2, Funny

    This is why I run GNU Hurd, the only truly free operating system, on my Lemote Yeeloong.

    Hey, look on the bright side. At least people don't think you're a putz.

    Maybe you don't have the latest MacBook with Mountain Lion. But you also don't wear pleather pants with the butt cut out.

    --
    You are welcome on my lawn.
  26. Re:Good for them. by PopeRatzo · · Score: 4, Funny

    If you are using a Mac , you are not generally the IT equivalent of a Yukon Frontiersman

    No, you are the IT equivalent of the cast of Glee.

    --
    You are welcome on my lawn.
  27. Re:Good for them. by countach · · Score: 5, Informative

    Yeah well, as someone tasked with fixing this for a government department, Apple hasn't told me how to do it. Yes, some hackers figured it out. Yes, I can google and get their knowledge. But Apple didn't give me any way to push the fix out. Nor did they give a gui tool so I can email the users with instructions. In short, we're a bit screwed right now. We'll get over it sure, but in the mean time, tons of legal centres are out of action. is this good enough behavior? Surely not! Please don't defend this crap.

  28. Re:Good for them. by Cinder6 · · Score: 4, Funny

    The logo looks to me like someone tried, and failed miserably, to map out a token ring network.

    --
    If you can't convince them, convict them.
  29. Re:Good by MisuVir · · Score: 2

    I like how Adobe Reader comes with the very useful software "McAfee Security Scan Plus".

  30. Re:Good for them. by jo_ham · · Score: 4, Insightful

    If you are using a Mac , you are not generally the IT equivalent of a Yukon Frontiersman

    No, you are the IT equivalent of the cast of Glee.

    Young, geeky, bullied by retards who hate them for liking something that the retards don't like? ;)

  31. Re:Good for them. by Skuld-Chan · · Score: 4, Insightful

    Its really easy for some nerd to say your a fool for using Java, but when you have a business line application line Sungard Banner (which uses Oracle Forms which is Java based) with 30 years of prior use its not so simple to just move on - yes we may be foolish, but what can one do at this point?

    Apple shuts off Java and they essentially killed off our front line application.

    Really all this does is make us move more towards Windows and Linux desktops for anyone who has a business need for a computer.

  32. Re:Can you feel that Apple users by EmperorOfCanada · · Score: 2

    I would up-mod this had I the points. I can just see the whole appendix thing; awesome visualization. My guess is that some prude downmodded you. Or some PR flunkies. Too bad you went with the Anonymous thing.

  33. Re: Good for them. by PrimaryConsult · · Score: 3, Insightful

    It sounds like his users require Java for some crucial work-related application. So, if the choice was expose users to possibility of an exploit, or not get any work done, enabling a vulnerable Java is probably the less costly measure to take.

  34. Re:Good for them. by Waccoon · · Score: 4, Interesting

    I find it funny how yet another Windows8 story ran last week, and there were many suggestions that businesses should all switch to the Mac.

  35. Re: Good for them. by countach · · Score: 2

    So why didn't the fools at Apple allow disabling for applets, but enabling for Java web start and regular Java apps? If we are exposed unnecessarily to exploits, it is now Apple's fault.

  36. Re:Good for them. by Stewie241 · · Score: 4, Insightful

    I have no problem with Apple disabling Java. I would like them to provide some notice and I would like them to provide a way to whitelist trusted applications. That doesn't seem unreasonable.

  37. Re:Good for them. by Skuld-Chan · · Score: 2

    Well they disabled it, and would only permit a version that wasn't even released - no documentation or anything.

    I think us big customers could have been treated a bit nicer.

    Anyhow yes I want it to still be enabled - our front desk machines can't browse anywhere they want ;).

  38. Re:Good for them. by DeathElk · · Score: 2

    Java != Javascript

  39. Re: Good for them. by jbolden · · Score: 4, Informative

    The "fools at Apple" make the security system a standard XML file which is editable by admins. You can do anything you want with it.

  40. Lemote Yeelong is an amazing device. by Andy+Prough · · Score: 2

    AC is a total D-bag for ripping such a sweet, fast, open-hardware, low-power device. If any grownups are interested in the specs on this 12-watt, 4-core laptop that runs without any proprietary bios or drivers, check here: http://www.lemote.com/en/products/Notebook/2010/0310/112.html

    1. Re:Lemote Yeelong is an amazing device. by smash · · Score: 2

      Looks like it's from 1995.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  41. Re:Good for them. by gmhowell · · Score: 2, Funny

    If you are using a Mac , you are not generally the IT equivalent of a Yukon Frontiersman

    No, you are the IT equivalent of the cast of Glee.

    Young, geeky, bullied by retards who hate them for liking something that the retards don't like? ;)

    Disproportionately gay?

    --
    Jesus was all right but his disciples were thick and ordinary. -John Lennon
  42. Re:Good for them. by mysidia · · Score: 4, Insightful

    Apple hasn't told me how to do it. Yes, some hackers figured it out.

    Did you call Apple Enterprise support? Does your organization have the proper agreements in place with Apple, for them to support use of OS X by a business (instead of ordinary consumer use) ?

    Did you voice the concerns with your Apple rep?