Update JDK:Java Security alerts and CPU patching

Similar Messages

• HT1338 There is a lot of talk about the Java security issues and the ability to download a patch fix, do i need to do this or will software update pick this up for me?

  There is a lot of talk about the Java security issues and the ability to download an apple patch fix, do i need to do this or will software update pick this up for me?

  Thanks for that, how do I establish if I have Java installed as on Safari preferences it indicates the following
  Web content - Enable Java
                      - Enable JavaScript

• What is the use of security pathces or cpu patches?

  Hi
  All,
  What is the use of security pathces or cpu patches?
  Thanks,
  Vishal

  Basically, Security patches keep your system secure from known expoits which could compromise your database should someone try to hack it. You don't have to put these patches on but you do need to assess the risk of not patching by checking what the security patch patches and deciding whether you are exposed or not. If you are unsure, then I'd recommend you patch.
  CPU patches are Critical Patch Updates that are issued quarterly. These are a mix of security patches and bug fixes. The same applies - you don't have to patch but it is worth taking a look at what is patch and making some assessment of how exposed you might be if you don't.
  Be warned, though. If you hit a problem and need Oracle's help, then Oracle support may insist that you are patched to the latest patchsets before they will assit with your issue (assuming the patch doesn't fix the issue).
  One word of advice would be that if you do decide to patch, patch your test environment first and make sure everything works normally afterwards, just in case the patch introduces a new issue for your environment - this is rare but I have seen it happen.
  Cheers,
  R

• Diff between alerts and cpu

  What is the difference between alerts and cpu??? Is there any major diff between the two???

  You will have to be more specific in your request. The CPU is the central processing unit and is a chip, the alerts are events driven by a specific occurance such as the count of IO exceeding a specific amount or a table or tablespace exceeding its growth limits.
  Mike

• Java.security.Signature and PKCS #7

  I've got a raw signature returned from the sign() method in the java.security.Signature class. It looks like it is simply the encrypted hash of the data with no padding or encoding. Can anyone confirm this?
  Additionally, I need to be able to package this raw signature in a PKCS #7 signed data structure. I know that it needs to be ASN1 encoded and then packaged in an ASN1 structure. I just am not completely sure how to go about doing this.
  I was wondering if anyone could help point me in the right direction. Thanks!

  I found that the java.security.Signature class that I need is on JSR 219.
  This JSR doesn't come with the CDCL toolkit for Netbeans, but in the CDC toolkit. Is it because the JSR 219 is only intended for CDC and not CDCL?
  And the question of the post above is still open:
  Is there any way to sign documents easily in Java Mobile? Not having to implement it from scratch, I mean.

• I received an Apple Security Alert and downloaded it

  before we realized it was a SCAM. The download said decompression failed. Is my computer contaminated or is it ok?

  It doesn't sound like it's installed.  Take a look at Thomas' article on these scams.  They're all the same some altered slightly.
  http://www.reedcorner.net/news.php/?p=138
  Regards,
  Captfred

• Differences between PSUs and traditional CPU patches

  Hi, this is Eric Maurice, Director Oracle Software Security Assurance. In the past, I have been getting a number of questions about the differences between the Patch Set Updates (PSUs) and traditional Critical Patch Update (CPU) patches.
  On August 11th at 11:00AM Pacific / 2:00PM Eastern, the Independent Oracle User Group (IOUG) will host a webcast on Database Server security patching featuring two speakers from Oracle: Bruce Lowenthal, Director for Security Alerts, and Lois Price, Director for Product Lifecycle Services.
  The purpose of this technical webcast is to discuss the various aspects of the Critical Patch Update (CPU) program, which are specific to Oracle Database Server. The speakers will spend a significant portion of the webcast discussing the differences between the Patch Set Update (PSU) and traditional CPU patches. An overview of the CPU program will also be provided, and ample time will be set aside for a Q&A session at the end of the presentation.
  The URL to register to this webcast is https://www1.gotomeeting.com/register/141106952
  For more information:
  Patch Set Updates for Oracle Products [ My Oracle Support Note 854428.1] is located at https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=854428.1 (My Oracle Support subscription is required)
  The Critical Patch Updates and Security Alerts page is located at http://www.oracle.com/technology/deploy/security/alerts.htm
  Edited by: Eric P. Maurice on Jul 27, 2010 3:21 PM
  Edited by: Eric P. Maurice on Jul 27, 2010 3:22 PM

  Update:
  Due to technical difficulties, the Database Security Patching webcast, initially scheduled for August 11, 2010 at 1pm CDT has been rescheduled. The new webcast will take place on Wednesday, August 18 at 1pm Central.
  You can register again for this event at https://www1.gotomeeting.com/register/729035104

• Help : java.security.UnrecoverableKeyException: excess private key

  Hi,
  I require help for the exception "java.security.UnrecoverableKeyException: excess private key"
  When i am trying to generate digital signature using PKCS7 format using bouncyCastle API, it gives the "java.security.UnrecoverableKeyException: excess private key" exception.
  The full stack trace is as follows
  ------------------------------------------------------------------------java.security.UnrecoverableKeyException: excess private key
       at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
       at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:120)
       at java.security.KeyStore.getKey(KeyStore.java:289)
       at com.security.Security.generatePKCS7Signature(Security.java:122)
       at com.ibm._jsp._SendSecureDetail._jspService(_SendSecureDetail.java:2282)
       at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:93)
  I had tested the program under following scenarios...
  The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file) I have tested this independently on Sun's JDK 1.4, 1.6
  For IBM JDK 1.4 on Windows machine for WAS(Webshere Application Server) 6.0, The Program for generating the digital signature using PKCS7 works fine, but it required IBM Policy files(local_policy.jar, US_export_policy.jar) and updation in java.security file
  But the problem occurs in Solaris 5.10, WAS 6.0 where Sun JDK 1.4.2_6 is used.
  I copied the unlimited strength policy files for JDK 1.4.2 from Sun's site(because the WAS 6.0 is running on Sun's JDK intead of IBM JDK)...
  I changed the java.security file as follows(only changed content)
  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.ibm.security.jgss.IBMJGSSProvider
  security.provider.3=com.ibm.crypto.fips.provider.IBMJCEFIPS
  security.provider.4=com.ibm.crypto.provider.IBMJCE
  security.provider.5=com.ibm.jsse2.IBMJSSEProvider2
  security.provider.6=com.ibm.jsse.IBMJSSEProvider
  security.provider.7=com.ibm.security.cert.IBMCertPath
  security.provider.8=com.ibm.security.cmskeystore.CMSProvider
  I have used PKCS12(PFX) file for digital signature
  which is same for all environment(i have described as above)
  I copied the PFX file from windows to solaris using WinSCP in binary format so the content of certificate won't get currupted.
  I can not change the certificate because it's given by the company and which is working in other enviroments absolutely fine(just i have described above)
  I have gone though the "http://forums.sun.com/thread.jspa?threadID=408066" and other URLs too. but none of them helped...
  So what could be the problem for such exception?????
  I am on this issue since last one month...
  I know very little about security.
  Thanks in advance
  PLEASE HELP ME(URGENT)
  Edited by: user10935179 on Sep 27, 2010 2:47 AM
  Edited by: user10935179 on Sep 27, 2010 2:54 AM

  user10935179 wrote:
  The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file) If the program was working fine without changing the java.security policy file, why have you changed it to put the IBM Providers ahead of the SunRsaSign provider?
  While I cannot be sure (because I don't have an IBM provider to test this), the error is more than likely related to the fact that the IBM Provider implementations for handling RSA keys internally are different from the SunRsaSign provider. Since you've now forced the IBM provider ahead of the original Sun provider, you're probably running into interpretation issues of the encoded objects inside the keystore.
  Change your java.security policy back to the default order, and put your IBM Providers at the end of the original list and run your application to see what happens.
  Arshad Noor
  StrongAuth, Inc.

• Webstart no longer works after update from Java 7 Update 67 to Java 7 Update 71/72

  Hi,
  We have an application that is launched via Webstart.  Last year, we had to make a bunch of changes to the application in order to work with Java 7 Update 45.  It has been working fine up to and including Java 7 Update 67.  However, it is no failing with Java 7 Update 71 and 72.  Upon launch it is giving the error below. I have searched online and found other articles related to the AccessControlException but they are about 7 years old.  I also tried adding this to the java.policy file with no luck.  Any ideas or help would be appreciated to determine what I can do to get this to work for update 71.
  java.security.AccessControlException: access denied ("java.util.PropertyPermission" "eclipse.exitcode" "write")
      at java.security.AccessControlContext.checkPermission(Unknown Source)
      at java.security.AccessController.checkPermission(Unknown Source)
      at java.lang.SecurityManager.checkPermission(Unknown Source)
      at org.eclipse.osgi.framework.internal.core.FrameworkProperties.setProperty(FrameworkProperties.java:64)
      at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:216)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      at java.lang.reflect.Method.invoke(Unknown Source)
      at org.eclipse.equinox.launcher.Main.invokeFramework(Main.java:508)
      at org.eclipse.equinox.launcher.Main.basicRun(Main.java:447)
      at org.eclipse.equinox.launcher.WebStartMain.basicRun(WebStartMain.java:78)
      at org.eclipse.equinox.launcher.Main.run(Main.java:1173)
      at org.eclipse.equinox.launcher.WebStartMain.main(WebStartMain.java:56)

  krubar wrote:
  I have same problem on Sparc system (Solaris 10). Does anybody know how to fix it ? I can't change symbolic link for javaAre you certain that you are experiencing exactly the same issue? Did you follow the hyperlinks to the Sun Solve documents above?
  The Sun Solve document itself states:
  1. Solaris 8 and 9 and OpenSolaris and Solaris 10 on the SPARC platform are not impacted by this issue.I would suggest that you open a Support Call with your local solutions centre.

• Java Not Working, And Still No Answers. What Gives?

  Okay, decided to start this topic anew, since the only response I got to the other one was a post calling me "rude and impatient" (I guess that's what they're calling "persistence" nowadays..) , instead of...well...ignoring my admittedly pushy and harsh tone and actually being helpful. However, for the sake of it, I do apologize for my attitude in my last topic.
  But I digress, let's start off on a new foot, eh? On to the problem that is STILL at hand(in other words, "patience" hasn't gotten me jack, not even a "we don't know yet"):
  So last night (10 PM January 20th), the Firefox Plugin Checker said that my Java version was outdated. I also got a pop-up saying that my current version of Java at the time (Java 7 update 10) had vulnerabilities. So to try and fix this, I went to the Java page and downloaded the update (Java 7 update 11).
  To check and see if my update was working, I went to Java's check page, as well as another page I use. And here I discovered a problem. I got a notification that an old version of Java had been detected, and another prompt to download the current version (which I had already done). So I erased all versions of Java from my control panel, and tried to check it again. And when I did, I got this: http://oi50.tinypic.com/35b6xx2.jpg and http://oi47.tinypic.com/15fg37p.jpg.
  As you can see, both pages tell me that I need to install a missing plugin of some sort. So, thinking this would resolve the issue, I clicked the Install Missing Plugin button. This is what it told me was missing: http://oi45.tinypic.com/302uwbl.jpg. So I clicked next to install it.... and got this: http://oi45.tinypic.com/2cici0x.jpg, which I assume means that the plugin did not install. So I pressed Manual Install... and was lead/linked right back to the Java download page (where it all began, and what doesn't seem to be working in the first place)
  I go to check my plugins again (Just to make sure and also for extra information), and it appears to say that my Java version is current (is that what "Java Deployment Toolkit 7.0.110.21" is? I don't know, I am not good at technology at all. Either way, here is what it looks like: http://oi48.tinypic.com/4kxzz4.jpg). So...if it is current, why is it not working (i.e. I am unable to play games, DO MY COLLEGE CLASSWORK, or play Java-based games)?
  If it helps anything, here is what my control panel looks like in regards to Java right now: http://oi45.tinypic.com/2qlxu9t.jpg Am I missing anything that would make Java work?
  And before anyone says that Java is not essential: It may be that way to you, but I need Java to do classwork for college. Veterinary college.
  So, in short, what is going on with Java, and how can I fix it?
  EDITEDITEDIT: I Have found that I can do my classwork without Java. HOWEVER, this DOES NOT mean that the problem is solved or over with. I STILL WANT TO KNOW HOW TO FIX THIS PROBLEM AND GET JAVA TO WORK. Even if I never actually need it, I would still like to have a (working!!!) Java version because of two reasons: 1) I would rather have such a program and not need it, than need such a program and not have it, and 2) aesthetics. Sorry to say, but I am very particular about how things look when it comes to my belongings, and the fact that Java is messing up is making me actually stressed. In short, I still want the above issue solved, even if it's just purely for the sake of Peace Of Mind.
  Another note: I would (please!) appreciate a timely response on this matter. Even if the response is a "We don't know what the issue is and/or we are working to solve this issue.", that would satisfy me for the time being. I would just like a semi-timely response that would let me know that FF/contributors here have read the above and actually give a semblance of a care about their userbase.
  Thank You.

  '''ponyparty, '''
  The first prompt you see in Firefox to activate Java is because Java is currently on the Mozilla blocklist ( the "Hot Topic" article [[How to use Java if it's been blocked]] explains the reason for block and how to activate Java, including how to bypass the plugin activation prompt for trusted sites).
  cor-el is right about why you are seeing a second [http://oi48.tinypic.com/de8f8y.jpg Java "Security Warning"] when trying to view Java applets, that you have to click to run. This is a ''' Java''' security feature and not anything Firefox does.
  Try the same Java sites in Internet Explorer .... don't you also see the Java "Security Warning?" If you want to lower your Java security back to "Medium" in the Java Control Panel, see http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/jcp.html#security for details. That's up to you but I would leave it on "High " since Java 7 is still basically insecure, according to the reports I've seen and [https://blog.mozilla.org/security/2013/01/11/protecting-users-against-java-vulnerability/ this "Protecting Users Against Java Vulnerability]" Mozilla blog post.
  If the second Java prompt is your only remaining issue then your problem is really solved, since it is a new Java security feature and not anything in Firefox.
  Some background:<br>
  At the time I was helping you in the [https://support.mozilla.org/en-US/questions/944267 older thread you started] (now locked because you started this one) the solution to uninstall JavaFX wasn't known. On Dec 13th I wrote, ''There may be problems with Java 7 Update 10 since a number of Windows users have reported that Firefox is not detecting the plugin'' and I linked to a couple of related threads, including [http://forums.mozillazine.org/viewtopic.php?f=38&t=2628935 this MozillaZine thread], in which uninstalling JavaFX as a solution was posted 22 Dec 2012. On 25 Dec 2012 in the same MozillaZine thread, I posted a link to [https://bugzilla.mozilla.org/show_bug.cgi?id=820759#c12 this Dec 24th bugzilla comment] by an Oracle employee, who posted that uninstalling JavaFX was a solution for '''Oracle's''' Java 7 detection bug. Oracle has been working on the bug (to be fixed in an upcoming Java 7 release) and they created [https://www.java.com/en/download/help/firefox_java.xml this java.com help page], which is now included in the related MozillaZine and Mozilla Support articles on Java that I posted above.

• Merge 4411462 and 5073249 patches?

  Performing EBS database upgrade from 9.2 to 10G:
  Step 21 of note:362203.1 says to apply 9 database patches. Two of the patches in the list conflict with each other (4411462 and 5073249). How did you guys handle this? Did you skip the 5073249 patch and request a merge from Oracle and in the meantime proceed with the upgrade?

  Even better, there were file conflicts with the BIS patches and the quarterly critical patch updates. Whenever I applied a CPU patch, opatch rolled back those BIS patches. After about 4 or 5 TARs, I was able to get them merged with the latest CPU build for 10.2.0.2.
  For Cotober 2006 CPU, there was a super merge that merges the BIS patches with the CPU updates:
  5598552 SUPER MLR FOR CPUOCT2006 ON 10.2.0.2
  For January 2007 CPU, (5689957 CPU MLR patch for 10.2.0.2 on 23), 4411462 and 5073249 are listed in the bugs fixed section, and should be included in 10.2.0.2 CPU fixes going forward.

• Java security error after 8u31 (Timestamped Jarsigned Applet within valid period of Code Signing certificate)

  Hello,
    I have an applet running in embeddad systems. This program runs without any problem since 8u31 update! After this update it starts to give java security warning and stops running.
  Here is the warning message:
    "Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running"
  What it says is true; my Code Signing Certificate (CSC) is valid between 24 Jan 2014 and 25 Jan 2015. And it expired! However, while i was signing my applet with this certificate i used "timestamp". The authority i choosed was DigiCert. My signing date was 26 Jan 2014 (when my CSC was valid).
  When i started to have this Java Security Error, first i thought i mis-timestamped my code, and check by using the jarsigner -verify command. Here is a partial result:
  s      19607 Mon Jan 27 13:17:34 EET 2014 META-INF/MANIFEST.MF
        [entry was signed on 27.01.2014 13:19]
        X.509, CN=TELESIS TELECOMMUNICATION SYSTEMS, OU=ARGE, O=TELESIS TELECOMMUNICATION SYSTEMS, STREET=TURGUT OZAL BLV.NO:68, L=ANKARA, ST=ANKARA, OID.2.5.4.17=06060, C=TR
        [certificate is valid from 24.01.2014 02:00 to 25.01.2015 01:59]
        X.509, CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
        [certificate is valid from 24.08.2011 03:00 to 30.05.2020 13:48]
        X.509, CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
        [certificate is valid from 07.06.2005 11:09 to 30.05.2020 13:48]
        X.509, CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
        [certificate is valid from 30.05.2000 13:48 to 30.05.2020 13:48]
  sm       495 Thu Jan 23 14:55:22 EET 2014 telesis/WebPhone$1.class
  As you may see the timestamp was correctly done. And it is in the valid period of CSC.
  Than i started to check how Java confirms the Certificate, and found some flowcharts.
  Here is an example from DigiCert:
  Code Signature Verification Process
  After the Web browser downloads the Applet or Web Start application, it checks for a timestamp, authenticates the publisher and Certificate Authority (CA), and checks to see if the code has been altered/corrupted.
  The timestamp is used to identify the validation period for the code signature. If a timestamp is discovered, then the code signature is valid until the end of time, as long as the code remains unchanged. If a timestamp is not discovered, then the code signature is valid as long as the code remains unchanged but only until the Code Signing Certificate expires. The signature is used to authenticate the publisher and the CA, and as long as the publisher (author or developer) has not been blacklisted, the code signature is valid. Finally, the code is checked to make sure that it has not been changed or corrupted.
  If the timestamp (or Code Signature Certificate expiration date) is verified, the signature is validated, and the code is unchanged, then the Web browser admits the Applet or Web Start application. If any of these items do not check out, then the Web browser acts accordingly, with actions dependent on its level of security.
  So according to this scheme, my applet had to work properly, and without security warning.
  However i also found that from Oracle, which also includes the timestamping authorities Certification validity period??? :
  The optional timestamping provides a notary-like capability of identifying
  when the signature was applied.
      If a certificate passes its natural expiration date without revocation,
  trust is extended for the length of the timestamp.
      Timestamps are not considered for certificates that have been revoked,
  as the actual date of compromise could have been before the timestamp
  occurred.
  source:  https://blogs.oracle.com/java-platform-group/entry/signing_code_for_the_long
  So, could anyone please explain why Java gives security error when someone tries to reach that applet?
  Here is a link of applet: http://85.105.68.11/home.asp?dd_056
  I know the situation seems a bit complicated, but i tried to explain as simple as i can.
  waiting for your help,
  regards,
  Anıl

  Hello,
    I have an applet running in embeddad systems. This program runs without any problem since 8u31 update! After this update it starts to give java security warning and stops running.
  Here is the warning message:
    "Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running"
  What it says is true; my Code Signing Certificate (CSC) is valid between 24 Jan 2014 and 25 Jan 2015. And it expired! However, while i was signing my applet with this certificate i used "timestamp". The authority i choosed was DigiCert. My signing date was 26 Jan 2014 (when my CSC was valid).
  When i started to have this Java Security Error, first i thought i mis-timestamped my code, and check by using the jarsigner -verify command. Here is a partial result:
  s      19607 Mon Jan 27 13:17:34 EET 2014 META-INF/MANIFEST.MF
        [entry was signed on 27.01.2014 13:19]
        X.509, CN=TELESIS TELECOMMUNICATION SYSTEMS, OU=ARGE, O=TELESIS TELECOMMUNICATION SYSTEMS, STREET=TURGUT OZAL BLV.NO:68, L=ANKARA, ST=ANKARA, OID.2.5.4.17=06060, C=TR
        [certificate is valid from 24.01.2014 02:00 to 25.01.2015 01:59]
        X.509, CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
        [certificate is valid from 24.08.2011 03:00 to 30.05.2020 13:48]
        X.509, CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
        [certificate is valid from 07.06.2005 11:09 to 30.05.2020 13:48]
        X.509, CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
        [certificate is valid from 30.05.2000 13:48 to 30.05.2020 13:48]
  sm       495 Thu Jan 23 14:55:22 EET 2014 telesis/WebPhone$1.class
  As you may see the timestamp was correctly done. And it is in the valid period of CSC.
  Than i started to check how Java confirms the Certificate, and found some flowcharts.
  Here is an example from DigiCert:
  Code Signature Verification Process
  After the Web browser downloads the Applet or Web Start application, it checks for a timestamp, authenticates the publisher and Certificate Authority (CA), and checks to see if the code has been altered/corrupted.
  The timestamp is used to identify the validation period for the code signature. If a timestamp is discovered, then the code signature is valid until the end of time, as long as the code remains unchanged. If a timestamp is not discovered, then the code signature is valid as long as the code remains unchanged but only until the Code Signing Certificate expires. The signature is used to authenticate the publisher and the CA, and as long as the publisher (author or developer) has not been blacklisted, the code signature is valid. Finally, the code is checked to make sure that it has not been changed or corrupted.
  If the timestamp (or Code Signature Certificate expiration date) is verified, the signature is validated, and the code is unchanged, then the Web browser admits the Applet or Web Start application. If any of these items do not check out, then the Web browser acts accordingly, with actions dependent on its level of security.
  So according to this scheme, my applet had to work properly, and without security warning.
  However i also found that from Oracle, which also includes the timestamping authorities Certification validity period??? :
  The optional timestamping provides a notary-like capability of identifying
  when the signature was applied.
      If a certificate passes its natural expiration date without revocation,
  trust is extended for the length of the timestamp.
      Timestamps are not considered for certificates that have been revoked,
  as the actual date of compromise could have been before the timestamp
  occurred.
  source:  https://blogs.oracle.com/java-platform-group/entry/signing_code_for_the_long
  So, could anyone please explain why Java gives security error when someone tries to reach that applet?
  Here is a link of applet: http://85.105.68.11/home.asp?dd_056
  I know the situation seems a bit complicated, but i tried to explain as simple as i can.
  waiting for your help,
  regards,
  Anıl

• Java Web Start and Java Preferences

  I am having trouble with Java Web Start and Java Preferences. I have tried reinstalling the update with the link http://www.apple.com/downloads/macosx/apple/application_updates/javaformacosx105 update6.html but to no avail. What else can be done ? Moreover the file /System/Library/Frameworks/JavaVM.framework/Versions/A/ seems to be in place, but Java Web Start wont open and Java Preferences can't access cache files. Any ideas about how to resolve this? I have been having issues with Java for a long time and have already done a clean Leopard reinstall and all the Combo updates. Java Web Start and Java Preferences worked correctly for a while after that but seem to have gone haywire again.

  bump

• I did software update, now java in Safari doesn't work.

  I ran software update, now Java in Safari and Firefox doesn't work. How do I fix it?

  I already tried that.
  I am running OS 10.6.8.
  I did a "normal" software update (under the Apple icon).. didn't update the OS to a higher level, it's still 10.6.8. But now certain websites tell me that Java is missing or not working. When I go to the Java site, they say that you can only download the newest Java for OS 7 or higher... that Java is automatically part of OS 6 and should have automatically updated when I do a Mac software update.
  Java used to work. Now that I've "updated" my Mac software, it doesn't work. And there's no way to download and install Java (according to them).
  It's a never ending circle with no solution.

• Anyone know how to uninstall the latest update so Java can work again?

  Java Preferences in utility has disappeared, a hot of applets and applications that require Java no longer work, total disaster...:-(
  How do I uninstall latest Mountain Lyon update of a few days ago, and/or Mountain Lyon and Lyon?
  Thanks for any help!

  The last Java update disabled Java plug-in and removed Java Preferences.app from your Utilities folder.
  You can re-enable Java by following this support article
  http://support.apple.com/kb/HT5559