Difference: MacOSXJava6SecurityProblem (3 vs. 4)

Revision 4 (2013-02-12) - PaulBalm

Line: 1 to 1
 
META TOPICPARENT name="HipeKnownIssues"

Java 6 WebStart and Applet problem on Mac OS X

Line: 13 to 13
 
OS X Version Latest Java 6 update Latest Java 7 update How you're affected
10.5 ("Leopard") Update 37 (affected) Not supported The blocking mechanism was introduced in OS X 10.6, so the software is not blocked on this platform and you will not encounter problems working with HIPE or the HSA User Interface. But you are exposed to a serious security problem, and we recommend that you upgrade the OS.
10.6 ("Snow Leopard") Update 39 (problem fixed) Not supported The user will have to make sure to update to the latest version of Java 6 using the App Store to solve the problem (access it via the Apple icon in the menu bar and choosing "Software Update".
Changed:
<
<
10.7 ("Lion") and 10.8 ("Mountain Lion") Update 37 (affected, WebStart and applets blocked) Update 13 (problem fixed) The user will have to make sure to update to the latest version of Java 7 by visiting http://www.java.com. Installing or updating Java 7 will not affect HIPE, which runs on Java 6. WebStart applications can be started from the browser using Java 7. For WebStart applications to start from HIPE correctly, the user has to remove the block manually (explanation below).
>
>
10.7 ("Lion") and 10.8 ("Mountain Lion") Update 37 (affected, WebStart and applets blocked) Update 13 (problem fixed) See "Information for users of OS X 10.7 (Lion) and 10.8 (Mountain Lion)" below.
 
Changed:
<
<

Manually removing the block applied by Apple

>
>

Information for users of OS X 10.7 (Lion) and 10.8 (Mountain Lion)

 
Changed:
<
<
This step is only required in some cases, for some versions of OS X. See the table above.
>
>
There are two ways to regain access to the HSA User Interface: By accessing it via the browser using the latest update of Java 7, or by accessing it from HIPE, which you will have to install and run on Java 7 in this case.
 
Changed:
<
<
Apple blocked WebStart and Java applets in certain versions of Java. It is possible to remove this block, but: It is very important to realize the security threat that removing the block poses. If you use Java 6 in your browser, you will be open to the security problem explained above, and we advise strongly against removing the block in this case. Therefore our recommendation is to start by installing Java 7 for use in the browser.

Install Java 7 in the browser: Go to http://www.java.com and click the button "Free Java Download". You can check the Java version that your browser uses by visiting http://www.javatester.org/version.html. "Java 7 update 13" is reported as "1.7_13".

After this step, Java 6 should only be used to run HIPE and to start WebStart applications from HIPE. Because we trust that the applications started by HIPE do not contain malware, we can then remove the block on Java WebStart and Java browser plug-in for this version. We will not use the Java browser plug-in, but both are considered under the nomer "Java plug-in", so we can only enable or disable both.

Remove the block on Java 1.6 update 37:

sudo /usr/libexec/PlistBuddy -c "Set :JavaWebComponentVersionMinimum 1.6.0_37-b06-434" /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

Unfortunately, just as Apple has initially silently applied this block, they can come back and re-apply it, even though it's been manually removed. This has been reported to happen after reboots. If it happens, one can simply execute the above command again. You can also execute the command below, which updates the "last modified" date in the relevant file, which has been said to stop Apple from updating the file on your behalf:

sudo /usr/libexec/PlistBuddy -c "Set :LastModification Fri,\ 08\ Feb\ 2014\ 00:54:09\ GMT" XProtect.meta.plist
>
>
In order to start the HSA User Interface from the browser, make sure to update to the latest version of Java 7 by visiting http://www.java.com. If you have a HIPE installation using Java 6, installing or updating Java 7 will not affect it. After installing or updating Java in the browser, WebStart applications can be started from there. In the case of the HSA UI by going to http://archives.esac.esa.int/hsa/ui/hui.jnlp.
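
Review bot: the replacement text drops the two PlistBuddy commands without a word for readers who already ran them. Their XProtect.meta.plist may still have JavaWebComponentVersionMinimum set to 1.6.0_37-b06-434 and LastModification set to a 2014 date, so the block on Java 6 update 37 stays removed on those machines. Add a sentence telling those users to restore the file, and keep the removed javatester.org version check so readers can confirm the browser reports 1.7_13 before starting the HSA UI. The last added sentence ("In the case of the HSA UI by going to ...") is a fragment; "For the HSA UI, go to ..." reads cleanly.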
 
Added:
>
>
The other possibility is to uninstall Java 6, install Java 7 and re-install HIPE. This way, HIPE should run on Java 7. HIPE has not been validated to work correctly on Java 7, but we have no reason to believe that there are any issues. We plan to provide a more detailed procedure on how to go about this installation in the future.
  -- PaulBalm - 11 Feb 2013 \ No newline at end of file
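
Review bot: the added paragraph offers "uninstall Java 6, install Java 7 and re-install HIPE" as a way forward while also saying HIPE has not been validated on Java 7 and that the detailed procedure is still to come, so the caveat should sit where the option is first listed ("There are two ways to regain access ..."). As written, a reader who stops at that list sees running HIPE on Java 7 as an equally supported route. Also state which Java 7 update is the minimum here (the table gives Update 13 as "problem fixed") so that "install Java 7" is not read as any Java 7 build.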
 