Difference: MacOSXJava6SecurityProblem (4 vs. 5)

Revision 52013-02-14 - PaulBalm

Line: 1 to 1
META TOPICPARENT name="HipeKnownIssues"

Java 6 WebStart and Applet problem on Mac OS X

ALERT! DISCLAIMER: This page is currently in DRAFT and does not describe an actual current recommendation from the HSC.

If you're reading this, then in all likelihood, you have attempted to start the HSA User Interface from HIPE 10.0 on Mac OS X 10.7 or 10.8 and you were presented the following pop-up:


For a quick bottom line, skip to the section for Lion and Mountain Lion users. An explanation follows below. Users of all versions of Mac OS X are affected by this problem, and all WebStart applications are affected, not only the HSA User Interface.

 A security problem was found in Java, which has led Apple to block Java WebStart and the Java browser plug-in (for Java applets) for the affected Java versions on Mac OS X. HIPE 10 runs on Java 6, and if you're using a version of Java 6 for which WebStart was blocked, then you will not be able to start the HSA User Interface, or any other WebStart application, from HIPE.

What's the security problem? Java WebStart applications and applets run inside a sandbox, which is a security feature. It means that these applications cannot access your local filesystem and they cannot access servers other than the one from which they were downloaded, unless the user allows this explicitly. The problem that has been found in certain versions of Java, is essentially a hole in this sandbox, so that these applications can potentially access the filesystem and send data anywhere on the internet. This bug is being exploited already. Apple has blocked the affect software on OS X 10.6 ("Snow Leopard") and later, so the security threat has been remedied on those systems. If you're using OS X 10.5, you are running a risk due to this issue.

Line: 15 to 21
10.6 ("Snow Leopard") Update 39 (problem fixed) Not supported The user will have to make sure to update to the latest version of Java 6 using the App Store to solve the problem (access it via the Apple icon in the menu bar and choosing "Software Update".
10.7 ("Lion") and 10.8 ("Mountain Lion") Update 37 (affected, WebStart and applets blocked) Update 13 (problem fixed) See "Information for users of OS X 10.7 (Lion) and 10.8 (Mountain Lion)" below.

Information for users of OS X 10.7 (Lion) and 10.8 (Mountain Lion)

There are two ways to regain access to the HSA User Interface: By accessing it via the browser using the latest update of Java 7, or by accessing it from HIPE, which you will have to install and run on Java 7 in this case.

Line: 24 to 31
 The other possibility is to uninstall Java 6, install Java 7 and re-install HIPE. This way, HIPE should run on Java 7. HIPE has not been validated to work correctly on Java 7, but we have no reason to believe that there are any issues. We plan to provide a more detailed procedure on how to go about this installation in the future.

-- PaulBalm - 11 Feb 2013 \ No newline at end of file

META FILEATTACHMENT attachment="MacOSX_WebStartBlocked.png" attr="" comment="" date="1360846320" name="MacOSX_WebStartBlocked.png" path="MacOSX_WebStartBlocked.png" size="24094" stream="MacOSX_WebStartBlocked.png" user="Main.PaulBalm" version="1"
This site is powered by the TWiki collaboration platform Powered by Perl