Home
Posted By: plantsower Software Update - 10/18/12 01:26 AM
I have a new software update (10.8.2) I don't get this part of it. I don't want to download it unless it's a good idea.

Java for OSX 2012-006 1.0

Java for OSX 2012-006 delivers improved security, and compatibility by updating Java SE 6 to 1.6.37.


This release updates the Apple-provided system Java SE 6 to version 1.6.0_37 and is for OS X versions 10.7 or later.

This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled "Missing plug-in" to go download the latest version of the Java applet plug-in from Oracle.

This update also removes the Java Preferences application, which is no longer required to configure applet settings.


I don't understand about the uninstalling of java applet plug-in. Why would I want to do that?

Thanks.

Rita
Posted By: ganbustein Re: Software Update - 10/18/12 02:30 AM
Originally Posted By: plantsower
I have a new software update (10.8.2) I don't get this part of it. I don't want to download it unless it's a good idea.


It's a very good idea. Serious security holes have been found in all versions of Java. (Not the same security holes in all of them, but all of them have some security holes.)

In the past, Java was installed automatically as part of the OS, and the browsers were all given plugins that let websites use Java in their pages automatically. That was a powerful and convenient combination. If you visited a website that needed to use Java, it Just Workedâ„¢ with no effort on your part.

That power and convenience are fine in the absence of security flaws. In their presence, it's a recipe for disaster. Your machine can get infected without your being aware that you'd done anything risky.

In practice, almost no one actually used Java in their web pages. (Emphasis on the word "almost". Emphasis on the "in their web pages" qualifier.) That meant the vulnerability was there on every installation of OS X (and of Windows), with most users getting no benefit in exchange.

Apple (and Oracle, who are now the official custodians of Java) have patched several of the security flaws in Java, but more are being found almost monthly. As a safety measure, Apple has decided to make it Not Quite Just Work. The steps they've taken:

As of Lion, Java is not installed automatically in OS X. If you need it (and some users do, mostly for non-web applications, but for a significant number of web applications as well), you can install it explicitly.

Safari won't use the Java plug-in automatically. If a web page asks to use Java, Safari asks you if it's OK. You normally have to give your OK once, but if you then wind up not using Java for a month, Safari assumes this was a one-time-only need, and your OK expires.

With this patch, even if you install Java, the browser plug-in for it no longer comes from Apple. If you want Java in your browser, you have to get the plug-in from Oracle. Oracle is the official custodian, as I mentioned, and is accepting responsibility for making sure you're always using the latest, safest version available (if you use it at all). (The plug-in you used to get from Apple, Apple had to get from Oracle. They've agreed to cut out the middle-man.)

If you're not using Java, it won't make any difference whether you install this software update, at least in so far as Java security goes. If you don't know if you're using Java, better to install it anyway.

But the 10.8.2 update fixes other things too, and you would want to install it for those things anyway. When Apple tells you what an update fixes, they only hit the highlights. A lot of little niggling bugs get squashed without comment. I've already noticed several things fixed in 10.8.2 that Apple doesn't even consider worth mentioning.

So, yeah, you want to install the 10.8.2 update.
Posted By: plantsower Re: Software Update - 10/18/12 03:18 AM
Thanks, Ganbustein, for the thorough explanation. I will install the update now!

Rita
Posted By: jchuzi Re: Software Update - 10/18/12 09:39 AM
For more information about Java, read Apple updates Java for OS X and Java Preferences missing after latest OS X Java update.
Posted By: plantsower Re: Software Update - 10/18/12 04:42 PM
OK. Thanks, Jon. I'll read that stuff. Rita
Posted By: Ira L Re: Software Update - 10/19/12 02:26 PM
I have been following the Java update stories, and most of them read like Apple has screwed up and is providing an incomplete update. However, this article adds clarity (at least for me).

In brief, what it says is that Apple is getting out of the "supplying Java business" and sending people to Oracle (the original developer of Java) for Java. Hence, no plug-ins or preference panes from Apple. Java will become like Flash for Apple users: if you want it, go get it at this place, and that provider will give you what you need and keep you up-to-date.

None of this addresses any new compatibility issues that might result from Java 7 via Oracle.
Posted By: plantsower Re: Software Update - 10/19/12 07:16 PM
Thanks, Ira.

You know, with my old iBook G4, I would go onto a website and it would say I didn't have Java, so it wouldn't work for me. I did have Java and it was enabled. But, for some reason, it wasn't recognized as such.

Is there something else like Java we can use should that happen to me again?

Thanks.

Rita
Posted By: alternaut Re: Software Update - 10/19/12 07:58 PM
Originally Posted By: plantsower
I did have Java and it was enabled. But, for some reason, it wasn't recognized as such.

The Java browser plugin was installed and enabled as well?
Posted By: plantsower Re: Software Update - 10/19/12 08:45 PM
I don't know. How do I check that? Java worked for most things otherwise.

Rita



Originally Posted By: alternaut
Originally Posted By: plantsower
I did have Java and it was enabled. But, for some reason, it wasn't recognized as such.

The Java browser plugin was installed and enabled as well?
Posted By: alternaut Re: Software Update - 10/19/12 09:08 PM
In Safari: select Installed Plug-ins from the Help menu. Go down the list or search the page for 'Java'.
Next, open Safari Prefs' Security* pane, and make sure that under 'Web Content' the radio boxes Enable plug-ins and Enable Java are checked. Note that this will open you to various Java exploits that are out in 'the wild'.

*) Apple has been moving towards eliminating Java from its OS installs. This includes no default Java installation, and removal or disabling of plugins. In addition, the location of the controls described above may differ, as I don't have a Mountain Lion w/Safari 6 install at hand to check. But for Tiger it should work.
Posted By: plantsower Re: Software Update - 10/19/12 09:30 PM
I did what you said. There are 11 Mime Type java applets. Two have descriptions: One says Basic Java Applets. The other says 1.3.1 Specific Java Applets. The others don't have description.

Under all that I have Java plug-in for Cocoa. There are two of them. One is JNLP applications and the other is Basic Java Applets.

Hope that helps.








Originally Posted By: alternaut
In Safari: select Installed Plug-ins from the Help menu. Go down the list or search the page for 'Java'.
Next, open Safari Prefs' Security* pane, and make sure that under 'Web Content' the radio boxes Enable plug-ins and Enable Java are checked. Note that this will open you to various Java exploits that are out in 'the wild'.

*) Apple has been moving towards eliminating Java from its OS installs. This includes no default Java installation, and removal or disabling of plugins. In addition, the location of the controls described above may differ, as I don't have a Mountain Lion w/Safari 6 install at hand to check. But for Tiger it should work.
Posted By: alternaut Re: Software Update - 10/19/12 09:53 PM
You didn't mention the Safari Prefs-Security settings. I suppose they were OK?
Posted By: plantsower Re: Software Update - 10/19/12 10:04 PM
Oh, sorry. Yes, all four were checked, actually.


Originally Posted By: alternaut
You didn't mention the Safari Prefs-Security settings. I suppose they were OK?
Posted By: alternaut Re: Software Update - 10/19/12 10:36 PM
If your Java version is up to snuff but still won't work, something is either broken or missing (I'm assuming we're talking about the G4 on Tiger). That's going to be a pain to find out, but I may be able to check a Tiger install to compare with what you listed.
Posted By: plantsower Re: Software Update - 10/19/12 10:39 PM
Oh, don't bother yourself. I only use the iBook if I need some old info or in case my Macbook Pro breaks down.

I do appreciate the offer, though. I've lived with it this long. I haven't had the Macbook Pro long enough to know if I am even going to have any java problems.

Rita


Originally Posted By: alternaut
If your Java version is up to snuff but still won't work, something is either broken or missing (I'm assuming we're talking about the G4 on Tiger). That's going to be a pain to find out, but I may be able to check a Tiger install to compare with what you listed.
Posted By: alternaut Re: Software Update - 10/19/12 10:48 PM
Just to minimize potential risk with Java exploits while you're surfing the web, you may really want to uncheck the Enable Java box in Safari Prefs' Security pane unless and until you know you need it on a site that's safe.
Posted By: plantsower Re: Software Update - 10/19/12 10:55 PM
In Safari 6.0, on the Java Security Page in Prefs, there is a box to check that says: Warn when visiting a fraudulent website. Would I still need to uncheck Enable java in this case?

Thanks.

Rita


Originally Posted By: alternaut
Just to minimize potential risk with Java exploits while you're surfing the web, you may really want to uncheck the Enable Java box in Safari Prefs' Security pane unless and until you know you need it on a site that's safe.
Posted By: alternaut Re: Software Update - 10/19/12 11:27 PM
Yes, absolutely. Some exploits only require you to visit a site, nothing else. By the time that fraud 'check' kicks in (if it does), you may already be covered in the proverbial doo-doo while your Mac is done for. Just don't take unnecessary chances.
Posted By: plantsower Re: Software Update - 10/20/12 12:36 AM
OK. Will do and done! Thanks so much.

Rita


Originally Posted By: alternaut
Yes, absolutely. Some exploits only require you to visit a site, nothing else. By the time that fraud 'check' kicks in (if it does), you may already be covered in the proverbial doo-doo while your Mac is done for. Just don't take unnecessary chances.
© FineTunedMac