Home > Java, Mac administration, Mac OS X, XProtect > Oracle Java 7 plug-in blocked by Safari

Oracle Java 7 plug-in blocked by Safari

It appears Apple has blocked Safari on 10.7 and 10.8 Macs from running Oracle’s Java 7 in the wake of a zero-day exploit for Java:

New Year Java Zero-Day Attacks Under Way


Update – January 31, 2013: It appears that Apple has blocked Java from running in Safari on Macs running 10.6.x and higher. New post with latest information available here.



Update – January 13, 2013: Oracle has released Java 7 Update 11 to address the vulnerabilities in Java 7 Update 10. Once Java 7 Update 11 has been installed, Safari will no longer block the Java plug-in.

You can download the latest Java installer for OS X from here: http://www.java.com/en/download/mac_download.jsp?locale=en


To verify this on your own machine:

1. Open Safari on a 10.7.x or 10.8.x Mac

2. Go to http://www.java.com/en/download/testjava.jsp to test your Java browser plug-in.

Instead of a report that Java is working, you’ll receive a Blocked Plug-In message.

Screen Shot 2013-01-11 at 9.39.41 AM

I’ve verified that 10.5.x and 10.6.x Macs do not appear to be affected by this, as they are not running Java 7.

Picture 1Screen shot 2013-01-11 at 10.07.36 AM

Oracle has not yet released an updated Java 7 installer, so there’s nothing currently available to fix this issue. The latest Java installer for OS X was released in November 2012 and contains the vulnerability.

The best workaround at this time is to use Firefox. I tested with Firefox 18 and Firefox is not blocking the Java plug-in at this time.

Update – January 12, 2013: Mozilla has announced that they are also now blocking the Java plug-in unless the user specifically authorizes it to run by clicking on the warning message for the plug-in.

Screen Shot 2013-01-12 at 2.57.08 PM

Chrome will not work as an alternate browser, as Oracle’s Java 7 browser plug-in only works with 64-bit applications. Firefox and Safari are both 64-bit, but Google Chrome is a 32-bit application.

Screen Shot 2013-01-11 at 9.45.26 AM

If the Java application you need to run does not require Java 7, you can also re-enable the Apple Java 6 browser plug-in. You can do this using the procedure in this post.

Update: The blocking was done by Apple’s built-in malware protection. For those interested, the list of acceptable browser plug-in versions is stored at /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

As of 12:26 PM on Friday, January 11th, XProtect.meta.plist on my 10.7.5 workstation had the following contents

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>LastModification</key>
	<string>Thu, 10 Jan 2013 22:48:02 GMT</string>
	<key>PlugInBlacklist</key>
	<dict>
		<key>10</key>
		<dict>
			<key>com.macromedia.Flash Player.plugin</key>
			<dict>
				<key>MinimumPlugInBundleVersion</key>
				<string>11.3.300.271</string>
			</dict>
			<key>com.oracle.java.JavaAppletPlugin</key>
			<dict>
				<key>MinimumPlugInBundleVersion</key>
				<string>1.7.10.19</string>
			</dict>
		</dict>
	</dict>
	<key>Version</key>
	<integer>1037</integer>
</dict>
</plist>

The plugin version installed by the current Oracle Java 7 Update 10 installer is 1.7.10.18. The plug-in blacklist is specifying that 1.7.10.19 or higher is required, so 1.7.10.18 is being blocked automatically.

  1. January 11, 2013 at 4:29 pm | #1

    Good call!
    I was just testing procedures to revert to the final Apple supplied version and checking the path back to a future Oracle version when I came across Apple blocking Java 7 10 in Safari like you describe.
    Now it’s covered :-)

  2. Jeff
    January 11, 2013 at 5:13 pm | #2

    I’ve been struggling with this issue all morning – googled it and landed at your blog. Thanks for posting an explanation and workaround. Perhaps your blog is seldom updated, but it is most definitely insightful! Thanks again.

  3. January 11, 2013 at 5:46 pm | #3

    I edited the plist to the correct version 1.7.10.18 and it works again as well.

  4. Alkivar
    January 11, 2013 at 6:05 pm | #4

    it is interesting to note that the Java 7 Update 12 preview gets blocked as well for some reason.

    • January 11, 2013 at 6:36 pm | #5

      If you run this command what version does it show you?

      /usr/bin/defaults read /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Info CFBundleVersion

  5. berba
    January 11, 2013 at 7:24 pm | #6

    Just change the version in the XProtect.meta.plist file from 1.7.10.19 to 1.7.10.18

    e.g.

    MinimumPlugInBundleVersion
    1.7.10.18

    Then save the file away and restart Safari. You’ll need root access (sudo su -) and a test editor like vim

  6. berba
    January 11, 2013 at 7:24 pm | #7

    *that should be a “text” editor like vim

  7. Obs0lete
    January 11, 2013 at 8:00 pm | #8

    Berba’s suggestion worked for me. You need to have a little technical knowhow to edit this file. It’s located in /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist and you’ll need to gain root access first, as suggested.

  8. January 11, 2013 at 8:01 pm | #9

    Same here. I have been struggling all day. But something funny, though my desktop is blocking it, my laptop isn’t. Both run Mac OS X 10.7.

  9. Tara
    January 11, 2013 at 8:55 pm | #10

    Any hope or help for those of us not versed in programing and reprograming?

  10. AB
    January 11, 2013 at 10:34 pm | #11

    Thank you for this very informative post about the “disabled plug-in” problem. I have added your website to my favorite-sites list! :-)

  11. Huang Huang
    January 12, 2013 at 2:13 am | #12

    great solution. takes me a whole day to get it done. Thanks a lot!

  12. George Ntoumenopoulos
    January 12, 2013 at 11:06 am | #13

    Thankyou so very much for this information. I kept thinking I have not ben downloading the java 7 update properly and wasted 1/2 a day til I came across your information !! many thanks

  13. Lisa Wo
    January 12, 2013 at 3:35 pm | #14

    My daughter can’t do online homework because of the block. Can anyone help me on how to fix the plist? Step by step instructions please!

  14. berba
    January 12, 2013 at 4:27 pm | #15

    In Finder, along the Menu Bar at the top go to:-

    Go > Go to the folder

    Type in:-

    /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources

    Click OK, this will bring up the Resources folder in Finder
    Look for the XProtect.meta.plist file in here

    Right click on the file and click “Copy XProtect.meta.plist”

    Open another finder window (probably easier if you place them side by side) then in this new Finder window, make sure you are in a different folder (like Documents) and on the Menu Bar do:-

    Edit > Paste

    This will paste a copy of the plist file into your Documents folder, then right click the file:-

    Open With > Other

    Then scroll down to “TextEdit” and click Open

    This opens the file in TextEdit, make the change as outlined:-

    Change
    1.7.10.19
    to
    1.7.10.18

    Save the file in TextEdit (File > Save) and exit TextEdit

    Now right click on this file and click “Copy XProtect.meta.plist”, go back to your Finder Window which has the /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources folder open, then do on the Menu Bar:-

    Edit > Paste

    This will overwrite the old .plist file with the new modified one, it will ask you for your account password before overwriting it

    Your account must be an Admin enabled account in order to do this

    There might be an easier way to do this in Finder, but as i did my change from the CLI, i’ve not really looked into it much

    • SFZ
      January 13, 2013 at 2:21 am | #16

      Thank you Berba for your step by step instructions. It took a while to find the library file, since it is hidden in Lion and Mountain Lion. To go there, I found out you have to hold down the option key and Library will appear in the Go menu in Finder. You have to hold down both keys simultaneously to bring up the Library. After that, it was a breeze following your instructions.

  15. Gidi
    January 12, 2013 at 5:57 pm | #17

    First, thanks for shedding light on a frustrating little problem.

    However, I followed Berba’s detailed instructions in post # 14, and now when I go to a web page requiring Java, the page loads, but the applet complains, in red: “Error, click for details”. Clicking opens a window with the following information:

    AccessControlException: access denied (“java.net.SocketPermission” “216.154.214.130:80″ “connect,resolve”).

    At the bottom of the wee window are three buttons: Details, Ignore, and Reload. The latter reloads the page with the same result, while the first opens a Java console with options that are completely opaque to me.

    Changing the file according to Berba’s instructions changes also the file’s permissions. However, repairing disk permissions does not help. Neither does restarting Safari.

    Firewire loads the page just fine.

    Ideas, anyone?

    TIA, Gidi

    • Gidi
      January 13, 2013 at 11:43 am | #18

      Hmm, weird. The mac slept, and overnight, without my doing anything, it now works. Weird.

      G.

  16. Red–Ox
    January 12, 2013 at 8:58 pm | #19

    Wow it worked just like magic! thanks a lot

  17. Jens
    January 12, 2013 at 9:51 pm | #20

    Thank you so much for this :)

  18. Lisa Wo
    January 13, 2013 at 3:26 pm | #21

    Berba, I can’t thank you enough for this tips. It worked!

  19. Britt Rosendahl Hansen
    January 13, 2013 at 3:31 pm | #22

    Apple has a simple guide to re-enabling the apple-provided Java 6 plug-in: http://support.apple.com/kb/HT5559?viewlocale=en_US&locale=en_US

  20. Tara
    January 13, 2013 at 4:02 pm | #23

    Thanks!!! Appreciate the step by step. The things we’ll do for a game of Settlers!

  21. January 14, 2013 at 3:57 pm | #24

    An Update has been released. http://www.java.com/en/download/testjava.jsp Java 7 Update 11

  22. January 31, 2013 at 9:17 am | #25

    Thankyou very much for your help

  23. January 31, 2013 at 1:42 pm | #26

    Thanks, it worked great even with 1.7.11.22

  24. AG
    February 1, 2013 at 12:41 pm | #27

    Great help. Thank you very much BERBA

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 125 other followers

%d bloggers like this: