+- MacResource (https://forums.macresource.com)
+-- Forum: My Category (https://forums.macresource.com/forumdisplay.php?fid=1)
+--- Forum: Tips and Deals (https://forums.macresource.com/forumdisplay.php?fid=3)
+--- Thread: Just HOW did Apple "remotely disable" Java plugin on macs? Anyone else find this disturbing? (/showthread.php?tid=147215)
Just HOW did Apple "remotely disable" Java plugin on macs? Anyone else find this disturbing? - hal - 01-14-2013
I had no idea that apple could reach in from the net and make changes to my computer without my approval. I have no doubt of their benign intentions, but still... I don't like that.
I run a Java-based app, JBidwatcher 24/7 - should I worry? Should I shut it down?
This exploit seems to have EVERYONE scurrying to a far greater degree than ever before. It must be seriously dangerous - I suspect that we haven't heard just how dangerous yet...
Re: Just HOW did Apple "remotely disable" Java plugin on macs? Anyone else find this disturbing? - Black - 01-14-2013
In my case I woke up just in time to find a cute young genius coming down my chimney.
Thanks, Apple ;-)
Re: Just HOW did Apple "remotely disable" Java plugin on macs? Anyone else find this disturbing? - Chakravartin - 01-14-2013
> Just HOW did Apple "remotely disable" Java plugin
Your Mac phones home once a day for an update to a malware-blacklist file.
> I run a Java-based app, JBidwatcher 24/7 - should I worry?
> Should I shut it down?
So far as is known, the malicious code is distributed through web sites, so disabling the plugin as Apple did should be enough to protect you.
...Unless you've already got it on your Mac.
Re: Just HOW did Apple "remotely disable" Java plugin on macs? Anyone else find this disturbing? - deckeda - 01-14-2013
This sort of thing has been available, and probably done by default on most user's Macs since 10.6. A file called Xprotect.plist gets updated. It's been referred to as Xprotect for that reason but Apple doesn't call it that; some other company owns that name for something else. A company making software that let's you tweak that file (Xprotect Brain) describes like this:
With this security update, Apple added an option to the "General" tab of the "Security" System Preferences panel labeled "Automatically update safe downloads list". If this option is enabled (which it is by default) then approximately every 24 hours the system will check Apple's servers to see if a new version of the malware definition list is available, and will install the update if found.
If the option is turned off, then no automatic malware definition update will take place.
Re: Just HOW did Apple "remotely disable" Java plugin on macs? Anyone else find this disturbing? - deckeda - 01-14-2013
Beaten to the punch by Chak.
One thing Soohos for example has warned about is that because it only looks for browser-based injections it can't catch something that comes in via some other way such a Skype file transfer or whatever.
Re: Just HOW did Apple "remotely disable" Java plugin on macs? Anyone else find this disturbing? - decay - 01-14-2013
also...
http://appleinsider.com/articles/12/06/12/apple_pushes_out_java_updates_to_disable_automatic_applet_execution
Re: Just HOW did Apple "remotely disable" Java plugin on macs? Anyone else find this disturbing? - miK. - 01-14-2013
Chakravartin wrote: Your Mac phones home once a day for an update to a malware-blacklist file.
So is this done even if "Check for updates" is unchecked in Software Update? (as on my Hackintosh)
Re: Just HOW did Apple "remotely disable" Java plugin on macs? Anyone else find this disturbing? - decay - 01-14-2013
from Dec 2011:
http://nakedsecurity.sophos.com/2011/12/05/how-to-keep-mac-os-xs-safe-downloads-list-up-to-date/
When you download an application via Safari or an attachment in Mail and then try to open it, Apple checks the file against its "safe downloads list" (sometimes called "XProtect.plist" after its file name) to ensure it doesn't contain any known Mac malware.
Mac OS X is supposed to check for updates to this malware definitions list daily, but you can force an update using one of the following techniques.
The first method is to click on the Apple menu and select "System Preferences..." and then from the main window click on Security, then click on the General tab, and then uncheck and re-check the box next to "Automatically update safe downloads list" (note that you may need to click on the lock and type an administrator password first). If you don't see this checkbox, you should make sure you're running either Lion (v10.7 or later) or the latest version of Snow Leopard (v10.6.8).
***
Snow Leopard users that installed Apple’s Security Update 2011-003 can get daily safe file updates Safari uses to help make sure malware doesn’t find its way onto their Macs. Apple doesn’t, however, offer an easy way to tell when your definitions list was last updated, or what list version number is installed, so The Mac Observer whipped up Safe Download Version to handle that task for you.
Re: Just HOW did Apple "remotely disable" Java plugin on macs? Anyone else find this disturbing? - DP - 01-14-2013
I went to Preferences in Firefox and found nothing about Java in the Security tab. I found "Enable Java Script" in the Contents tab-shoulld I uncheck that?
Re: Just HOW did Apple "remotely disable" Java plugin on macs? Anyone else find this disturbing? - hal - 01-14-2013
Thanks for the great explanations. Glad that the ability can be shut off if I wanted to...