Home > Bash scripting, Java, Mac administration, Mac OS X, XProtect > Changes to XProtect’s Java browser plug-in version management

Changes to XProtect’s Java browser plug-in version management

In last night’s XProtect update, Apple added two new version checks. The first new check looks for Apple’s com.apple.java.JavaAppletPlugin Java browser plug-in identifier. This Apple Java browser plug-in is running on Mac OS X 10.6.x or was installed on 10.7.x or later by Java for OS X 2012-005 or earlier. Installing Java for OS X 2012-006 and later on 10.7.x and 10.8.x automatically removes the Apple Java browser plug-in.

The second new check looks for Apple’s com.apple.java.JavaPlugin2_NPAPI Java browser plug-in identifier. In this case, the Apple Java plug-in was re-enabled using the procedure in the following Apple KBase article: http://support.apple.com/kb/HT5559

This update also removes the Oracle Java browser plug-in version check from 10.6.x’s XProtect. Both new Apple Java version checks and the Oracle Java browser plug-in version check are in the 10.7.x and 10.8.x XProtect. See below the jump for the details.

As of 5-11-2013, /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist on 10.6.8 looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>JavaWebComponentVersionMinimum</key>
	<string>1.6.0_45-b06-451</string>
	<key>LastModification</key>
	<string>Fri, 10 May 2013 19:07:37 GMT</string>
	<key>PlugInBlacklist</key>
	<dict>
		<key>10</key>
		<dict>
			<key>com.apple.java.JavaAppletPlugin</key>
			<dict>
				<key>MinimumPlugInBundleVersion</key>
				<string>13.9.5</string>
				<key>PlugInUpdateAvailable</key>
				<true/>
			</dict>
			<key>com.apple.java.JavaPlugin2_NPAPI</key>
			<dict>
				<key>MinimumPlugInBundleVersion</key>
				<string>13.9.5</string>
				<key>PlugInUpdateAvailable</key>
				<true/>
			</dict>
			<key>com.macromedia.Flash Player.plugin</key>
			<dict>
				<key>MinimumPlugInBundleVersion</key>
				<string>11.6.602.171</string>
			</dict>
		</dict>
	</dict>
	<key>Version</key>
	<integer>64</integer>
</dict>
</plist>

As of 5-11-2013, /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist on 10.7.5 and 10.8.3 looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>JavaWebComponentVersionMinimum</key>
	<string>1.6.0_45-b06-451</string>
	<key>LastModification</key>
	<string>Fri, 10 May 2013 19:07:37 GMT</string>
	<key>PlugInBlacklist</key>
	<dict>
		<key>10</key>
		<dict>
			<key>com.apple.java.JavaAppletPlugin</key>
			<dict>
				<key>MinimumPlugInBundleVersion</key>
				<string>14.7.0</string>
				<key>PlugInUpdateAvailable</key>
				<true/>
			</dict>
			<key>com.apple.java.JavaPlugin2_NPAPI</key>
			<dict>
				<key>MinimumPlugInBundleVersion</key>
				<string>14.7.0</string>
				<key>PlugInUpdateAvailable</key>
				<true/>
			</dict>
			<key>com.macromedia.Flash Player.plugin</key>
			<dict>
				<key>MinimumPlugInBundleVersion</key>
				<string>11.6.602.171</string>
			</dict>
			<key>com.oracle.java.JavaAppletPlugin</key>
			<dict>
				<key>MinimumPlugInBundleVersion</key>
				<string>1.7.21.12</string>
				<key>PlugInUpdateAvailable</key>
				<true/>
			</dict>
		</dict>
	</dict>
	<key>Version</key>
	<integer>2038</integer>
</dict>
</plist>

To help manage the new settings, I’ve updated my xprotect_re-enable_java_6_and_7.sh script:

The script has been tested on 10.6.8, 10.7.5 and 10.8.3, so it should cover all current OSs that use Appleā€™s XProtect malware protection.

The script and launchdaemon are available here on my GitHub repo: https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/xprotect_re-enable_java_6_and_7

  1. Jayson
    May 13, 2013 at 2:47 pm | #1

    For those of us who currently use the old version of the script and apply the updates regularly as provided by Apple and Oracle, what potential impact may we see with this change to XProtect?

    • May 13, 2013 at 3:25 pm | #2

      The main issue will be for Apple’s Java 6 browser plug-in. Using the old version of the script, you may have the “JavaWebComponentVersionMinimum” setting managed, but the new “com.apple.java.JavaAppletPlugin” and “com.apple.java.JavaPlugin2_NPAPI” settings would not be.

      As long as your version of Java is up to date, this doesn’t matter. It only matters when you haven’t updated to a new version and XProtect starts blocking versions that are older than that. In that case, not managing the new “com.apple.java.JavaAppletPlugin” and “com.apple.java.JavaPlugin2_NPAPI” settings may result in the Java browser plug-in being blocked.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 126 other followers

%d bloggers like this: