For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
JavaFX is a software platform for creating and delivering desktop applications, as well as rich Internet applications (RIAs) that can run across a wide variety of devices. JavaFX is intended to replace Swing as the standard GUI library for Java SE, but both will be included for the foreseeable future. JavaFX has support for desktop computers and web browsers on Microsoft Windows, Linux, and macOS. Oct 26, 2017 Download Java for OS X 2017-001. Java for macOS 2017-001 installs the legacy Java 6 runtime for macOS 10.13 High Sierra, macOS 10.12 Sierra, macOS 10.11 El Capitan, macOS 10.10 Yosemite, macOS 10.9 Mavericks, macOS 10.8 Mountain Lion, and macOS 10.7 Lion. NBI currently doesn't support a bundled JRE with Mac OS X. This is very easy to fix. (I'll get to that) Why this is so, I don't know, but I'm assuming the reason is that at the time NBI was created the concept of a bundled JRE on Mac OS X was somewhat alien. At that time Mac OS X. Jul 31, 2015 Java for Mac OS X 2015-001. By Rexdl July 31, 2015. Current Version: 2015-001. File size: 63.6 MB. Memorize: www.ReXdl.com. This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled “Missing plug-in” to go download the latest version of the Java applet plug-in from Oracle. To use applets on a web page, click on the region labeled 'Missing plug-in' to go download the latest version of the Java applet plug-in from Oracle. Java for macOS 2017-001 installs the legacy Java 6 runtime for macOS 10.13 High Sierra, macOS 10.12 Sierra, macOS 10.11 El Capitan, macOS 10.10 Yosemite, macOS 10.9 Mavericks, macOS 10.8 Mountain.
For information about the Apple Product Security PGP Key, see 'How to use the Apple Product Security PGP Key.'
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see 'Apple Security Updates.'
Java for Mac OS X 10.6 Update 2
- JavaCVE-ID: CVE-2009-1105, CVE-2009-3555, CVE-2009-3910, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0886, CVE-2010-0887Available for: Mac OS X v10.6.3, Mac OS X Server v10.6.3Impact: Multiple vulnerabilities in Java 1.6.0_17Description: Multiple vulnerabilities exist in Java 1.6.0_17, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_20. Further information is available via the Sun Java website at http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
- JavaCVE-ID: CVE-2010-0538Available for: Mac OS X v10.6.3, Mac OS X Server v10.6.3Impact: Visiting a web page containing a maliciously crafted untrusted Java applet may lead to an unexpected application termination or arbitrary code execution with the privileges of the current userDescription: An out of bounds memory access issue exists in the handling of mediaLibImage objects. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to an unexpected application termination or arbitrary code execution with the privileges of the current user. This issue is addressed by preventing Java applets from using the com.sun.medialib.mlib package. This issue only affects the Mac OS X implementation of Java. Credit to Marc Schoenefeld of University of Bamberg for reporting this issue.
- JavaCVE-ID: CVE-2010-0539Available for: Mac OS X v10.6.3, Mac OS X Server v10.6.3Impact: Visiting a web page containing a maliciously crafted untrusted Java applet may lead to an unexpected application termination or arbitrary code execution with the privileges of the current userDescription: A signedness issue exists in the handling of window drawing. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to an unexpected application termination or arbitrary code execution with the privileges of the current user. This issue is addressed through improved bounds checking. This issue only affects the Mac OS X implementation of Java. Credit to Jonathan Bringhurst of Northrop Grumman, and Jeffrey Czerniak for reporting this issue.
With Oracle’s Java 8, there’s been some confusion as to whether Java 8 runs on Mac OS X 10.7.5. This issue was lent additional urgency in the wake of Oracle’s announcement that they will begin auto-updating Java 7 users to Java 8 starting in January 2015.
The root of the confusion lies in the fact that Oracle has listed two different sets of system requirements on their website for Macs running Java 8 on Mac OS X.
The first set is available via Oracle’s general Java system requirements page. This page states that Java 8 requires the following:
- Intel-based Mac running Mac OS X 10.8.3+, 10.9+
- Administrator privileges for installation
- 64-bit browser
![Java Java](/uploads/1/2/6/5/126552990/258037185.jpg)
The second set is available via the Java download page for Mac OS X. The system requirements linked from the download page state that Oracle’s Java requires the following:
- Intel-based Mac running Mac OS X 10.7.3 (Lion) or later.
- Administrator privileges for installation
- 64-bit browser
In short, the question of Java 8 support for 10.7.x depended on which system requirement page was correct. For more details, see below the jump.
Based on my testing, it appears that the current version of Java 8 (Java 8 Update 25) installs on Mac OS X 10.7.5 without issues.
Java For Os X 2015-01 2
Following installation, I tested on a 10.7.5 Mac against the following sites:
Java For Os X 2015-01 4
My work’s Juniper VPN (which uses a signed Java applet)
Oracle’s Java Test page: https://www.java.com/en/download/help/testvm.xml
Java Tester’s Java Version page: http://javatester.org/version.html
In all three cases, the Java applets on those sites launched and worked without issue using Java 8 Update 25 (though the javatester.org applet needed to be whitelisted.)