Knowledgebase
Java Applets blocked
Posted by Chris Bailey on 11 January 2013 04:00 PM

UPDATE Feb 1, 2013 5:30pm:

Oracle has released an update that resolves the security issue.  All users on all platforms should update at http://java.com

http://www.macrumors.com/2013/02/01/oracle-releases-java-7-update-13-to-address-security-issues-reenable-web-plug-in-on-os-x/

--------------------------------------

A recent security vulnerability in Java has prompted various browsers to release updates that either warn the user about running applets, or block Java applets completely.  The bulletin can be seen here http://www.kb.cert.org/vuls/id/625617

On Windows, you may be warned that your Java is out of date and that you should update.  We have not encountered issues with running the applets on Windows at this point.

The implications of this issue are most serious on Mac OS X 10.7.X (Lion)  and Mac OS X 10.8.X (Mountain Lion).

On Mac OSX, the Safari browser has completely blocked Java applets, even when Java is explicitly enabled.  When you attempt to run an applet you will see a box with the text "Blocked Plug-in".  If you click this box, you will be prompted with the following dialog:

Safari warning

However performing this upgrade does not resolve the issue.  It appears that Apple has blocked Safari from running applets until the issue is resolved by Oracle.  See this link for more details http://www.macrumors.com/2013/01/11/apple-blocks-java-7-on-os-x-to-address-widespread-security-threat/

In Firefox 17 or lower on Mac, Java applets continue to function properly.  However Firefox may install a newer version in the background.  If you are automatically updated to Firefox 18, keep reading.

In Firefox 18 on Mac, you will see the following:

Firefox warning

Clicking on the box still allows the applet to run properly.

WORKAROUNDS FOR MAC OS X USERS:

Workaround 1: The easiest workaround is to use Firefox, and click on the gray box to run the Java applet.

Workaround 2: There is a workaround for Safari users, but it involves editing system files.  WE DO NOT ENDORSE THIS however it may be the only course of action if applets must be run immediately.

You must edit the following file as root: 

/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist 

Look for this section in the file:

<key>com.oracle.java.JavaAppletPlugin</key>
<dict> 
<key>MinimumPlugInBundleVersion</key> 
<string>1.7.10.19</string>
</dict>

Modify the "1.7.10.19" to say "1.7.10.18" and save the file.  This will allow the latest version of Java from Oracle (1.7.0_10 b18) to run.

According to the Oracle Critical update page, an official Java update is expected by January 15th http://www.oracle.com/technetwork/topics/security/alerts-086861.html However they have not yet posted any details.  

If Java updates are available, your browser should automatically prompt you to upgrade. 

With the release of this patch Java applets will automatically be re-enabled in the Safari browser.

We will update this article as more information becomes available.

---------------------------------------

UPDATE Jan 13, 2013:  Oracle has released an update that resolves the security issue.  All users on all platforms should update at http://java.com

Read the official Oracle Security Alert here: http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html

---------------------------------------

UPDATE Feb 1, 2013:  Apple has again blocked Java applets form running in Safari.

---------------------------------------

UPDATE Feb 1, 2013:  Oracle has patched Java again, All users on all platforms should update at http://java.com

 

(0 vote(s))
Helpful
Not helpful

Comments (0)