"This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets."
For us this would cause more headaches as our Juniper SSL VPN solution uses a Java applet to pre-check systems. Having the plug-in auto-disable itself would cause issues for the infrequent VPN user. This "feature" isn't so appealing in our environment.
-Eric
On 4/12/12 4:39 PM, "Steve Fair" <edumact...@GMAIL.COM> wrote:
This electronic message, including any attachments, may contain proprietary, confidential or privileged information for the sole use of the intended recipient(s). You are hereby notified that any unauthorized disclosure, copying, distribution, or use of this message is prohibited. If you have received this message in error, please immediately notify the sender by reply e-mail and delete it.
Java for OS X 2012-003 for 10.7 is also available and is different in that it disables automatic loading of Java applets and continues to disable it if you don't use them. From the update:
This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.
Christopher A. Grande Middlesex Community College Information Technology Department 100 Training Hill Road Middletown, CT 06457 860.343.5825 phone 860.343.6903 fax
From: John Slaughter <John.Slaughte...@ND.EDU<mailto:John.Slaughte...@ND.EDU>> Reply-To: Mac OS X enterprise deployment project <MACENTERPR...@LISTS.PSU.EDU<mailto:MACENTERPR...@LISTS.PSU.EDU>> Date: Thursday, April 12, 2012 4:42 PM To: Mac OS X enterprise deployment project <MACENTERPR...@LISTS.PSU.EDU<mailto:MACENTERPR...@LISTS.PSU.EDU>> Subject: Re: MacOS 10.6 Java update 8 out
Gotta keep up with the Java malware.
;-)
Sent from my iPhone
On Apr 12, 2012, at 4:41 PM, "Sam Stigler" <sstig...@JTDSCHOOL.COM<mailto:sstig...@JTDSCHOOL.COM>> wrote:
Note the text about "This update also configures the Java web plug-in to disable the automatic execution of Java applets" is only for the Lion Java (2012-003, http://support.apple.com/kb/HT5242 ). The Snow Leopard version of the KBase article ( http://support.apple.com/kb/HT5243 ) doesn't mention this.
I wonder how this plays into corporate Java-based applications (Oracle Financials, Juniper SSL VPN & Network Connect). We'd previously been enabling Java in Lion via MCX, which I'd hope would still work. But how this works for non-corporate Lion Macs using Juniper VPN to connect to us is unknown. Previously users were just prompted to install the Java Runtime when then encountered the Java application in the browser.
> Note the text about "This update also configures the Java web plug-in to disable the automatic execution of Java applets" is only for the > Lion Java (2012-003, http://support.apple.com/kb/HT5242 ). The Snow Leopard version of the KBase article ( > http://support.apple.com/kb/HT5243 ) doesn't mention this.
> I wonder how this plays into corporate Java-based applications (Oracle Financials, Juniper SSL VPN & Network Connect). We'd > previously been enabling Java in Lion via MCX, which I'd hope would still work. But how this works for non-corporate Lion Macs using > Juniper VPN to connect to us is unknown. Previously users were just prompted to install the Java Runtime when then encountered the > Java application in the browser.
> - Patrick
> On Thu, 12 Apr 2012 16:03:25 -0500, Steve Fair <edumact...@GMAIL.COM> wrote:
>> I had to get it from software update.
>> On Apr 12, 2012, at 3:54 PM, Sam Stigler wrote:
>>> Does anyone have a direct link for the Snow Leopard version of this update? It's not showing up on apple.com/support/downloads > for me.
>>> Sam
>>> On Apr 12, 2012, at 1:42 PM, "John Slaughter" <John.Slaughte...@ND.EDU> wrote:
>>>> Gotta keep up with the Java malware.
>>>> ;-)
>>>> Sent from my iPhone
>>>> On Apr 12, 2012, at 4:41 PM, "Sam Stigler" <sstig...@JTDSCHOOL.COM> wrote:
>>>>> Seriously? I just installed update 7 )-:
>>>>> On Apr 12, 2012, at 1:40 PM, "Steve Fair" <edumact...@GMAIL.COM> wrote:
> Note the text about "This update also configures the Java web plug-in to disable the automatic execution of Java applets" is only for the > Lion Java (2012-003, http://support.apple.com/kb/HT5242 ). The Snow Leopard version of the KBase article ( > http://support.apple.com/kb/HT5243 ) doesn't mention this.
> I wonder how this plays into corporate Java-based applications (Oracle Financials, Juniper SSL VPN & Network Connect). We'd > previously been enabling Java in Lion via MCX, which I'd hope would still work. But how this works for non-corporate Lion Macs using > Juniper VPN to connect to us is unknown. Previously users were just prompted to install the Java Runtime when then encountered the > Java application in the browser.
If Java is disabled in Safari and in the Java prefs then it will ask you if you want it enabled when you require it.
>> Note the text about "This update also configures the Java web plug-in >>to disable the automatic execution of Java applets" is only for the >> Lion Java (2012-003, http://support.apple.com/kb/HT5242 ). The Snow >>Leopard version of the KBase article ( >> http://support.apple.com/kb/HT5243 ) doesn't mention this.
>> I wonder how this plays into corporate Java-based applications (Oracle >>Financials, Juniper SSL VPN & Network Connect). We'd >> previously been enabling Java in Lion via MCX, which I'd hope would >>still work. But how this works for non-corporate Lion Macs using >> Juniper VPN to connect to us is unknown. Previously users were just >>prompted to install the Java Runtime when then encountered the >> Java application in the browser.
>If Java is disabled in Safari and in the Java prefs then it will ask you >if you want it enabled when you require it.
FYI - i just installed it on a test mac running 10.7.3 and java applets won't load in Safari no matter what I do. I can however run applets in Google Chrome.
I tested disabling Java in Safari and via the Preference and Safari doesn't prompt me in any way to ask if I want to enable it.
On Fri, Apr 13, 2012 at 8:09 AM, Tubbiola Tom <ttubbi...@oakley.com> wrote: > I haven't run into this yet, can a non-admin user enable Java if they are > prompted in this way?
> Tom
> On 4/12/12 3:03 PM, "mathieu xavier" <matxdo...@GMAIL.COM> wrote:
> >On 2012-04-12, at 2:38 PM, Patrick Fergus wrote:
> >> Note the text about "This update also configures the Java web plug-in > >>to disable the automatic execution of Java applets" is only for the > >> Lion Java (2012-003, http://support.apple.com/kb/HT5242 ). The Snow > >>Leopard version of the KBase article ( > >> http://support.apple.com/kb/HT5243 ) doesn't mention this.
> >> I wonder how this plays into corporate Java-based applications (Oracle > >>Financials, Juniper SSL VPN & Network Connect). We'd > >> previously been enabling Java in Lion via MCX, which I'd hope would > >>still work. But how this works for non-corporate Lion Macs using > >> Juniper VPN to connect to us is unknown. Previously users were just > >>prompted to install the Java Runtime when then encountered the > >> Java application in the browser.
> >If Java is disabled in Safari and in the Java prefs then it will ask you > >if you want it enabled when you require it.
The KB article http://support.apple.com/kb/HT5242 says that it removes the most common variants of Flashback. However, does it also stop the malware from installing? Will it detect it if one tries to install Flashback malware manually and stop it before it installs?
If it doesn't stop it from getting installed, will one have to re-run the update again to remove Flashback?
Or does none of this matter because the vulnerability used by the malware no longer exists in Java (patched up in the latest version)?
Take care,
Balmes Pavlov Technical Support Specialist Pace University 1 Pace Plaza W209 New York, NY 10038
-----Original Message----- From: Mac OS X enterprise deployment project [mailto:MACENTERPR...@lists.psu.edu] On Behalf Of Steve Fair Sent: Thursday, April 12, 2012 4:40 PM To: MACENTERPR...@LISTS.PSU.EDU Subject: MacOS 10.6 Java update 8 out
It sounds like it would be a one time removal, but it wouldn't matter because you have been updated to a version that is no longer vulnerable to that exploit.
On Apr 12, 2012, at 16:08, "Pavlov, Balmes" <bpav...@pace.edu> wrote:
> The KB article http://support.apple.com/kb/HT5242 says that it removes the most common variants of Flashback. However, does it also stop the malware from installing? Will it detect it if one tries to install Flashback malware manually and stop it before it installs?
> If it doesn't stop it from getting installed, will one have to re-run the update again to remove Flashback?
> Or does none of this matter because the vulnerability used by the malware no longer exists in Java (patched up in the latest version)?
> Take care,
> Balmes Pavlov > Technical Support Specialist > Pace University > 1 Pace Plaza W209 > New York, NY 10038
> -----Original Message----- > From: Mac OS X enterprise deployment project [mailto:MACENTERPR...@lists.psu.edu] On Behalf Of Steve Fair > Sent: Thursday, April 12, 2012 4:40 PM > To: MACENTERPR...@LISTS.PSU.EDU > Subject: MacOS 10.6 Java update 8 out
Flashback/Flashfake exploits a Java vulnerability that is already patched in the previous Java Update 2012-001/002. So, if you even have this update, you already have a system that cannot be infected with this malware in the first place -- or re-infected if the system already was.
Java Update 2012-003 also configures Java to not automatically run Java applets, which helps prevent *future* malware from exploiting yet-undiscovered Java vulnerabilities in the same fashion as this trojan.
- Dave
On Apr 12, 2012, at 6:03 PM, Pavlov, Balmes wrote:
> The KB article http://support.apple.com/kb/HT5242 says that it removes the most common variants of Flashback. However, does it also stop the malware from installing? Will it detect it if one tries to install Flashback malware manually and stop it before it installs?
> If it doesn't stop it from getting installed, will one have to re-run the update again to remove Flashback?
> Or does none of this matter because the vulnerability used by the malware no longer exists in Java (patched up in the latest version)?
> Take care,
> Balmes Pavlov > Technical Support Specialist > Pace University > 1 Pace Plaza W209 > New York, NY 10038
> -----Original Message----- > From: Mac OS X enterprise deployment project [mailto:MACENTERPR...@lists.psu.edu] On Behalf Of Steve Fair > Sent: Thursday, April 12, 2012 4:40 PM > To: MACENTERPR...@LISTS.PSU.EDU > Subject: MacOS 10.6 Java update 8 out
Looks like Apple also released a standalone tool in case one gets Flashback through other means outside of the Java exploit. Just in case anyone is interested. It's for OS X Lion without Java installed.
-----Original Message----- From: Mac OS X enterprise deployment project [mailto:MACENTERPR...@lists.psu.edu] On Behalf Of Dave Schroeder Sent: Thursday, April 12, 2012 7:46 PM To: MACENTERPR...@LISTS.PSU.EDU Subject: Re: MacOS 10.6 Java update 8 out
Flashback/Flashfake exploits a Java vulnerability that is already patched in the previous Java Update 2012-001/002. So, if you even have this update, you already have a system that cannot be infected with this malware in the first place -- or re-infected if the system already was.
Java Update 2012-003 also configures Java to not automatically run Java applets, which helps prevent *future* malware from exploiting yet-undiscovered Java vulnerabilities in the same fashion as this trojan.
- Dave
On Apr 12, 2012, at 6:03 PM, Pavlov, Balmes wrote:
> The KB article http://support.apple.com/kb/HT5242 says that it removes the most common variants of Flashback. However, does it also stop the malware from installing? Will it detect it if one tries to install Flashback malware manually and stop it before it installs?
> If it doesn't stop it from getting installed, will one have to re-run the update again to remove Flashback?
> Or does none of this matter because the vulnerability used by the malware no longer exists in Java (patched up in the latest version)?
> Take care,
> Balmes Pavlov > Technical Support Specialist > Pace University > 1 Pace Plaza W209 > New York, NY 10038
> -----Original Message----- > From: Mac OS X enterprise deployment project [mailto:MACENTERPR...@lists.psu.edu] On Behalf Of Steve Fair > Sent: Thursday, April 12, 2012 4:40 PM > To: MACENTERPR...@LISTS.PSU.EDU > Subject: MacOS 10.6 Java update 8 out
