Quicktime Java Vulnerability (4/24/07)

A QT vulnerability is reported to affect QT versions 3x,4x,5x,6x,7x when used w/Java in browsers: Safari, Firefox and IE. Hopefully this will be patched in a timely manner. In the meantime surf carefully and take appropriate precautions.
Info sources:
Secunia advisory
Apple QuickTime Java Handling Unspecified Code Execution
Secunia Advisory: SA25011
Release Date: 2007-04-24
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Apple Quicktime 3.x, Apple Quicktime 4.x, Apple Quicktime 5.x, Apple Quicktime 6.x, Apple QuickTime 7.x
A vulnerability has been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error within the Java handling in QuickTime. This can be exploited to execute arbitrary code when a user visits a malicious web site using a Java-enabled browser e.g. Safari or Firefox.
The vulnerability is reported on a Mac OS X system using Safari and Firefox. Other browsers and platforms may also be affected.
Solution: Disable Java support. Do not browse untrusted websites.
Provided and/or discovered by: Dino Dai Zovi
Original Advisory: Matasano: http://www.matasano.com/log/812/break...n-quicktime-affects-win32-apple-code/
US-Cert current activity
Vulnerability Involving Apple QuickTime and Java
added April 24, 2007 at 04:07 pm
US-CERT is aware of a new vulnerability involving Apple QuickTime and Java. Any platform supporting QuickTime and Java may be affected. Details about the vulnerability are currently limited; however, it is reported that disabling Java will protect users.
US-CERT recommends users follow the Securing Your Web Browser document to disable Java.
US-CERT will continue to investigate this vulnerability and provide more information as it becomes available.
Spybot S&D advisory
QuickTime vuln - unpatched
FYI...
- http://isc.sans.org/diary.html?storyid=2689
Last Updated: 2007-04-24 21:54:43 UTC ~ "Secunia has posted an advisory today that involves Apple Quicktime Java. According to the advisory this is a highly critical problem that affects versions 3.x, 4.x, 5.x, 6.x and 7.x. The vulnerability is due to an unspecified error within the Java handling in QuickTime. This can be exploited allowing execution of arbitrary code when a user visits a malicious web site using a Java-enabled browser e.g. Safari or Firefox (ed. note: IE, too)..."

Does this vulnerability exist in the PowerPC code as well?

Similar Messages

  • Is java vulnerable in safari 5.1? I have a macbook using 10.6.8

    I am worried about the Java vulnerability. I need it to pay bills on my bank's website. Is Java vulnerable in Safari 5.1? I am using a MacBook with OS 10.6.8.

    The recently discovered zero-day flaw in Java 7 is so serious that the U.S. Department of Homeland Security has warned users to disable or uninstall it, and Apple has disabled the Java 7 plugin on Macs through its OS X anti-malware system, in order to protect users from a potentially serious security issue.
    You should disable Java (if not already done) until either the US Department of Homeland Security, or Oracle, declare it safe and Apple restore the facility. Oracle have released an update said to fix the security flaw, available from here:
    http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html
    Javascript should not be disabled (it has nothing to do with Java), and is probably what your bank is using.

  • [newbie] JNLP, Quicktime Java, WebObjects

    I'm developing a Java Client application that uses WebStart, Apple's Quicktime Java and WebObjects. (I'm new to WebStart and somewhat new to Java Client). Several issues have arisen. Quicktime likes to record stuff directly to hard disk. So, I'm going to have to figure out how to bypass the sandbox environment, or use the JNLP API to get around this. I'm having a hard time wrapping my head around this problem...
    -- WebObjects signs all the .jar files for the application with a generic sig. This seems to prevent me from granting all permissions in the JNLP. From what I understand I can create a dummy JNLP file that imports the other .jnlp file as an extension. Is this right? If so, is it possible to create a dummy JNLP that doesn't have its own content and just references another to accomplish this?
    -- Is there a way to grant access using the JNLP API so that Quicktime Java could write directly to the disc? I could put things into memory, then write using the JNLP API, but direct access would be cool.
    Thanks for any help for this newbie,
    Jaime

    > -- WebObjects signs all the .jar files for the
    > application with a generic sig. This seems to prevent
    > me from granting all permissions in the JNLP. From
    > what I understand I can create a dummy JNLP file that
    > imports the other .jnlp file as an extension.

    If this is a valid codesigning signature you can put the WebObjects
    jars in a component-extension and request <all-permissions> in
    that extension.

    > Is this right? If so, is it possible to create a dummy JNLP
    > that doesn't have its own content and just references
    > another to accomplish this?

    No - you still need a main (application-desc) jnlp file with a Main JAR
    (containing a Main class) and have it reference the extension.
    (this main jnlp file doesn't need to request <all-permissions> or
    have its Main JAR signed)

    > -- Is there a way to grant access using the JNLP API
    > so that Quicktime Java could write directly to the
    > disc? I could put things into memory, then write using
    > the JNLP API, but direct access would be cool.

    No - there is no way to use the JNLP API to grant blanket
    disk i/o access to the application.

    > Thanks for any help for this newbie,
    > Jaime

    /Dietz
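
    The layout described in the reply above, as an added example that is not part of the original thread: a main JNLP file that requests no extra permissions and references a component extension, which carries the signed jars and the <all-permissions> request. The codebase URL, file names, jar names and main class are placeholders.

    ```xml
    <!-- main.jnlp: application descriptor (placeholder names throughout) -->
    <jnlp spec="1.0+" codebase="https://apps.example.invalid/client/" href="main.jnlp">
      <information>
        <title>Example Client</title>
        <vendor>Example Vendor</vendor>
      </information>
      <!-- No <security> element: main.jar runs with default sandbox permissions -->
      <resources>
        <j2se version="1.5+"/>
        <!-- Main JAR containing the Main class; it may be unsigned -->
        <jar href="main.jar" main="true"/>
        <!-- Reference to the component extension that holds the signed jars -->
        <extension name="Signed components" href="signed-ext.jnlp"/>
      </resources>
      <application-desc main-class="com.example.client.Main"/>
    </jnlp>

    <!-- signed-ext.jnlp: component extension (a separate file).
         All jars listed in a descriptor that requests <all-permissions>
         must be signed with the same certificate. -->
    <jnlp spec="1.0+" codebase="https://apps.example.invalid/client/" href="signed-ext.jnlp">
      <information>
        <title>Signed components</title>
        <vendor>Example Vendor</vendor>
      </information>
      <!-- The permission request applies only to the jars in this extension -->
      <security>
        <all-permissions/>
      </security>
      <resources>
        <jar href="signed-framework.jar"/>
      </resources>
      <!-- Marks this descriptor as a component, not a launchable application -->
      <component-desc/>
    </jnlp>
    ```

    Java permission checks take every caller on the stack into account, so file access triggered from an unsigned main.jar is still checked against the sandbox unless the signed code performs it inside AccessController.doPrivileged.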

  • After installing Final cut server client on OSX 10.6.8 error: Apple QuickTime or the QuickTime Java component is not installed.

    After installing Final cut server client on OSX 10.6.8 error: Apple QuickTime or the QuickTime Java component is not installed.
    I know this error on windows machines but cannot get a solution for OSX.

    I have fixed this by installing the latest combo update

  • What to make of this latest Quicktime/Java security flaw announcement?

    Here's the link:
    MacFixIt
    Secunia: "The vulnerability is caused due to an unspecified error within the Java handling in QuickTime. This can be exploited to execute arbitrary code when a user visits a malicious web site using a Java-enabled browser e.g. Safari or Firefox."
    MacFixIt: "It appears that the flaw is triggered by simply accessing a malicious Web page--no further user action is required."
    I followed the instructions for Safari and quickly found some financial web sites unusable.
    For now I'm ignoring it but have backed up to my two bootable clone drives, one internal and the other external.
    What do people do with these vulnerability alerts arising from what I suppose fall under the "proof of concept" variety? Do nothing and wait until something happens?
    Raymon
    G4 933 MHz "2002 Quicksilver", 1.54 GB RAM, two 160 GB HD,   Mac OS X (10.4.9)   120 GB FireLite FW drive, iLife'06, LaCie d2 burner, 80 GB iPod

    Stanley,
    Thank you for your reply. I've since set up "User B", a non-Admin. account. Some questions:
    1. I have the Pictures and Music folders in the Shared user folder. I'm assuming any changes to these folders will take place only in these folders and not in their original counterparts in the Admin. account which I'm told I can delete later?
    2. I copied the Admin. user Library folder for User B. However, I still can't run my Netscape browser and email client applications while logged in User B without giving read/write privileges for the Admin User Library folder to User B. I haven't tried just assigning access to the Netscape Mozilla folder.
    For improved security I've denied access to the other Admin user folders.
    Taking a tip from Pogue's Missing Manual, Tiger Edition, I've clicked off the "Restart-Sleep-Shut Down" buttons in the login window.
    On the other hand, I've selected showing only the login passwords for each User in the login window. So no need to type in the user name. I've also since chosen better passwords.
    I've backed up to a bootable clone in an external Firewire drive.
    Any comments and advice would be much appreciated.
    ~Raymon

  • Quicktime Java install bug?

    I've been trying to run this Java app that runs on pretty much every other Windows XP machine except mine; on my machine the app starts and then whines about something on the classpath: QTJava.zip. My machine happens to be the only that I've tried that has QT7 on it, in fact I've installed, uninstalled, and reinstalled QT7. I read on a mailing list that:
    "You can't just download QTJava.zip and put it into your classpath. You need to reinstall Quicktime to enable Quicktime for Java. If
    you just put QTJava.zip you will still get errors about your classpath, even though it's correct - that's because QTJava needs a dll to be installed and some stuff in the registry."
    It looks like the QT7 installer or uninstaller didn't do something correctly because my QT7 install seems to work fine although this is the first time I've ever had this bug and I've had QT on my machine for over a year. Has anybody else's classpath been infected by this bug?

    I do have the same problem. Did you find something about it?

  • LMS Status regarding Java Vulnerability CVE-2010-4476

    Is LMS 3.2 affected by the Oracle Java Floating-Point Value Denial of Service
    Vulnerability?
    http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html
    What about Patches?

    Hi,
    Here is a link to the bug:
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtn86202
    Thanks

  • Java vulnerability on Internet Explorer?

    I've noticed that when I try to enter a certain site with Internet Explorer a Java written virus tries to attack me. Does anyone know anything about this? How can I fix it?

    The first thing that the antivirus locates is a .exe. If I turn on Emergency Block right away the JVM doesn't start. However, if I don't turn on Emergency Block right away, the JVM starts and the antivirus detects a .class file. After that, the PC freezes for a while and I reset it (I won't wait to see what happens). When I restart, I find a folder named Sun with a lot of .class files inside.

  • Java Not Working, And Still No Answers. What Gives?

    Okay, decided to start this topic anew, since the only response I got to the other one was a post calling me "rude and impatient" (I guess that's what they're calling "persistence" nowadays..) , instead of...well...ignoring my admittedly pushy and harsh tone and actually being helpful. However, for the sake of it, I do apologize for my attitude in my last topic.
    But I digress, let's start off on a new foot, eh? On to the problem that is STILL at hand(in other words, "patience" hasn't gotten me jack, not even a "we don't know yet"):
    So last night (10 PM January 20th), the Firefox Plugin Checker said that my Java version was outdated. I also got a pop-up saying that my current version of Java at the time (Java 7 update 10) had vulnerabilities. So to try and fix this, I went to the Java page and downloaded the update (Java 7 update 11).
    To check and see if my update was working, I went to Java's check page, as well as another page I use. And here I discovered a problem. I got a notification that an old version of Java had been detected, and another prompt to download the current version (which I had already done). So I erased all versions of Java from my control panel, and tried to check it again. And when I did, I got this: http://oi50.tinypic.com/35b6xx2.jpg and http://oi47.tinypic.com/15fg37p.jpg.
    As you can see, both pages tell me that I need to install a missing plugin of some sort. So, thinking this would resolve the issue, I clicked the Install Missing Plugin button. This is what it told me was missing: http://oi45.tinypic.com/302uwbl.jpg. So I clicked next to install it.... and got this: http://oi45.tinypic.com/2cici0x.jpg, which I assume means that the plugin did not install. So I pressed Manual Install... and was led/linked right back to the Java download page (where it all began, and what doesn't seem to be working in the first place).
    I go to check my plugins again (Just to make sure and also for extra information), and it appears to say that my Java version is current (is that what "Java Deployment Toolkit 7.0.110.21" is? I don't know, I am not good at technology at all. Either way, here is what it looks like: http://oi48.tinypic.com/4kxzz4.jpg). So...if it is current, why is it not working (i.e. I am unable to play games, DO MY COLLEGE CLASSWORK, or play Java-based games)?
    If it helps anything, here is what my control panel looks like in regards to Java right now: http://oi45.tinypic.com/2qlxu9t.jpg Am I missing anything that would make Java work?
    And before anyone says that Java is not essential: It may be that way to you, but I need Java to do classwork for college. Veterinary college.
    So, in short, what is going on with Java, and how can I fix it?
    EDITEDITEDIT: I Have found that I can do my classwork without Java. HOWEVER, this DOES NOT mean that the problem is solved or over with. I STILL WANT TO KNOW HOW TO FIX THIS PROBLEM AND GET JAVA TO WORK. Even if I never actually need it, I would still like to have a (working!!!) Java version because of two reasons: 1) I would rather have such a program and not need it, than need such a program and not have it, and 2) aesthetics. Sorry to say, but I am very particular about how things look when it comes to my belongings, and the fact that Java is messing up is making me actually stressed. In short, I still want the above issue solved, even if it's just purely for the sake of Peace Of Mind.
    Another note: I would (please!) appreciate a timely response on this matter. Even if the response is a "We don't know what the issue is and/or we are working to solve this issue.", that would satisfy me for the time being. I would just like a semi-timely response that would let me know that FF/contributors here have read the above and actually give a semblance of a care about their userbase.
    Thank You.

    '''ponyparty, '''
    The first prompt you see in Firefox to activate Java is because Java is currently on the Mozilla blocklist ( the "Hot Topic" article [[How to use Java if it's been blocked]] explains the reason for block and how to activate Java, including how to bypass the plugin activation prompt for trusted sites).
    cor-el is right about why you are seeing a second [http://oi48.tinypic.com/de8f8y.jpg Java "Security Warning"] when trying to view Java applets, that you have to click to run. This is a ''' Java''' security feature and not anything Firefox does.
    Try the same Java sites in Internet Explorer .... don't you also see the Java "Security Warning?" If you want to lower your Java security back to "Medium" in the Java Control Panel, see http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/jcp.html#security for details. That's up to you but I would leave it on "High " since Java 7 is still basically insecure, according to the reports I've seen and [https://blog.mozilla.org/security/2013/01/11/protecting-users-against-java-vulnerability/ this "Protecting Users Against Java Vulnerability]" Mozilla blog post.
    If the second Java prompt is your only remaining issue then your problem is really solved, since it is a new Java security feature and not anything in Firefox.
    Some background:
    At the time I was helping you in the [https://support.mozilla.org/en-US/questions/944267 older thread you started] (now locked because you started this one) the solution to uninstall JavaFX wasn't known. On Dec 13th I wrote, ''There may be problems with Java 7 Update 10 since a number of Windows users have reported that Firefox is not detecting the plugin'' and I linked to a couple of related threads, including [http://forums.mozillazine.org/viewtopic.php?f=38&t=2628935 this MozillaZine thread], in which uninstalling JavaFX as a solution was posted 22 Dec 2012. On 25 Dec 2012 in the same MozillaZine thread, I posted a link to [https://bugzilla.mozilla.org/show_bug.cgi?id=820759#c12 this Dec 24th bugzilla comment] by an Oracle employee, who posted that uninstalling JavaFX was a solution for '''Oracle's''' Java 7 detection bug. Oracle has been working on the bug (to be fixed in an upcoming Java 7 release) and they created [https://www.java.com/en/download/help/firefox_java.xml this java.com help page], which is now included in the related MozillaZine and Mozilla Support articles on Java that I posted above.

  • Java  7 on my Mac

    iMac 21.5 inch, Mid 2011
    Software: Mac OSX Lion 10.7.5 (11G63)
    Safari: Version 6.1.6 (7537.78.2)
    Processor: 2.5 GHz Intel Core i5
    Memory: 4GB 1333 MHz DDR3
    Graphics: AMD Radeon HD 6750M 512 MB
    Should I keep the following plug-ins on my Mac?
    Are they safe to use (specifically Java)?
    Adobe Flash Player: Version 17.0.0.169
    Adobe Reader: Version 10.1.13
    Garmin Communicator: Version 4.2.0.0
    Google Earth: Version 7.1
    Java: Version 7 Update 75 (build 1.7.0_75-b13)
    Quick Time: Version 7.7.1
    SharePoint Browser: Version 14.4.9
    Silverlight: Version 4.0.60831.0
    Thank you in advance for any info.

    Hello mandolin_summer, Java 7 update 11 is vulnerable, so in firefox is blocked for your protection, see : [https://addons.mozilla.org/eN-US/firefox/blocked/p182 Java Plugin 7 update 11 and lower (click-to-play), Windows has been blocked for your protection]
    see reviews for the vulnerability :
    http://www.pcworld.com/article/2025424/new-java-exploit-sells-for-5000-on-black-web-possible-threat-to-millions-of-pcs.html
    http://seclists.org/fulldisclosure/2013/Jan/142
    http://www.pcworld.com/article/2025178/oracle-releases-java-fix-but-security-concerns-remain.html
    http://news.yahoo.com/oracle-updates-java-security-experts-bugs-remain-041707439--sector.html
    if you like read all the discussion : [https://support.mozilla.org/en-US/forums/contributors/708898?last=50261 SUMO community discussions - Another Java vulnerability...]
    see also : [https://support.mozilla.org/en-US/kb/how-to-use-java-if-its-been-blocked#os=mac&browser=fx18 How to use Java if it's been blocked]
    now, the supported 6.38 version is in the next link but '''''it is not''''' for your 10.8 mac : http://java.com/en/download/manual_v6.jsp
    http://www.oracle.com/technetwork/java/javase/index-137561.html
    http://www.oracle.com/technetwork/java/javase/system-configurations-135212.html
    definitely see also : http://kb.mozillazine.org/Java#Java_downloads
    thank you

  • What needs to be done to avoid the vulnerability discovered according to hacking story yesterday?

    what needs to be done to avoid the vulnerability discovered according to hacking story yesterday?

    abombaci wrote:
    This software update is only available for people that have Java installed on their Macs. For someone like me since I don't, I don't get the update because I don't need it.
    Then you don't need to worry about the Java vulnerability being exploited on your Mac.

  • Java Application request permission to run?

    Since updating Firefox to 18.0, some of my websites no longer work. These are sites where java is used. Some of these are known safe sites (they are company owned, use important web apps written in java, hosted locally). These are mission critical apps, but no longer work. They keep giving the message, "An application from the location below is requesting permission to run." It then gives the URL. I have the option to Run or Cancel. There is a check box for "Do not show me again for this app." Even if I check the box and hit run, the next time back at the page it runs again. There are like 20 of these every page.
    Firefox needs to create a way to allow exceptions for known sites to always run these java scripts. Without that, it basically becomes junk for me.

    First, Java Script is different than Java, so which are you referring to?
    Also, this is a feature in Java 7 update 11 to make exploiting a SEVERE java vulnerability more difficult.

  • Which was the last version of Firefox that Supported Java Platform 6 ?

    I want to know the last version of Firefox that supported Java Platform 6 update 45 (Java SE Runtime Environment 6u45).
    In other words, which version of Firefox started support for Java 7?

    Please also give links to the problem pages if they are public so that we and others may test them. You could also consider contacting the sites concerned directly yourself.
    Using Java can raise security concerns, and especially so using outdated versions.
    * see a couple of Mozilla blogs
      https://blog.mozilla.org/security/2013/01/11/protecting-users-against-java-vulnerability/
      https://blog.mozilla.org/decoder/2012/04/06/why-an-outdated-java-plugin-is-so-serious/
    * and one of their own, noting the long list of links and security fixes.
      https://blogs.oracle.com/security/entry/july_2013_critical_patch_update

  • Looking for experience of QuickTime API for Windows

    Hello,
    I have an application which calls the QuickTime JAVA API provided by Apple.
    Every time I'm trying to update to a new QuickTime version (for example to QT 7.6.1), I got compatibility problems.
    It seems the API has not been changed since 2003.
    Is there an alternate way to connect to QT from the Apple Java API?
    Is there a good soul around there to share his/her experience with me?
    Thanks
    Gege

    You should ask your questions on the Quicktime Java API mailing list:
    http://lists.apple.com/mailman/listinfo/quicktime-java
    Though it is almost equally unsupported by its originators as JMF, QTJ does work for 90% of what it promises rather than just 10. I'm sure people on the mentioned list can help you out. Usually mpg - and millions of other formats - work just fine in Quicktime java.
    nils

  • Powerbook fails to startup after Safari, Java, QT Updates

    I have a 15" Powerbook G4 with OS X.4.2 and just ran software update, while connected to the power supply - it is not running on battery power. After installing the QuickTime, Java, and Safari updates (it has been away from a network for a while) I got the click Restart screen. After clicking Restart the computer shutdown. I hit the power button, heard the hard drive spin up for a few seconds, then a little squeak, silence, then nothing. I tried to power up with option-command-p-r thinking maybe I could reset the PRAM. Same result. I powered on and inserted my OS X.4 DVD (mistake here) and held down the C key. No change, but now the DVD is stuck in the Superdrive. I then tried the ctrl-command-power button until I heard the long tone, released the keys, then nothing. I've also tried removing and swapping the RAM. I should also mention that I get no power light on the front of the powerbook. If I hold down the power button for five seconds I get the long tone and rapidly flashing power light, then the HD stops and silence. I'm guessing the machine is dead. Everything I have read in my Apple Service Technician course manuals says that this is a sign of logic board failure. (At least I have AppleCare).
    Anyone have any ideas? I also installed the updates on a G5 and now it has been freezing up at various points and the only way to fix is hold the power-button for 5 seconds and then force a shutdown and restart.
    Any help is appreciated, as I found nothing like this on the Apple discussions or tech info. All those issues report at least making it to a gray screen, mine stays black the whole time.

    Hello, I'm having the same problem w/ my PB, I did an update too isight, which I don't use, but just to keep the automatic update in silence! lol, well I'm waiting for some help too, but if u have a CD stuck inside try this, press F12 (eject) right after pressing the power button, I hope this gives u a little help
