updated 07:45 pm EDT, Tue April 16, 2013
Restores more user control to Java web plug-in
Apple on Tuesday updated both Java and its web browser Safari for users of OS X 10.6.8 (Snow Leopard) and higher. The updates now allow users to enable the Java web plug-in on a site-by-site basis, as opposed to the "active" or "inactive" options it had previously. Following a spate of serious issues, Apple forcibly disabled the Java plug-in because of malicious, in-use threats -- though users could reactivate Java once they updated.
Safari has now been updated to version 6.0.4 for OS X Lion and Mountain Lion (10.7.x and 10.8.x, respectively), and version 5.1.7 for Snow Leopard (10.6.8). The only listed change in the 6.x version is the ability of the browser to ask the user if they would like the Java plug-in activated for a particular site, having detected the use of Java on that page.
The intention is to make it easier for users to quickly add trusted sites that employ Java to the "whitelist" while keeping the plug-in inactive on unfamiliar or untrusted sites. Users can also manage settings, choosing to always allow Java on some sites and always block it on others, or ask on each occasion or allow on a one-time basis.
While Java has seen greatly-declining use on many web pages -- in part due to its ongoing security issues -- it is still required for some applets and other users on a variety of sites. For example, a casual game-player might want to keep Java "always on" when visiting a game site like pogo.com, but off for most other sites where Java isn't mandatory for the site's functionality. Safari will now show a "blocked plug-in" message where a Java element is present but not active, and should a serious security issue emerge in the present version Apple would likely disable the plug-in again until users updated to a patched version.
The Snow Leopard version of the latest Safari takes the opportunity to includes some addition updates and fixes. Version 5.1.7 improves performance when the system is low on memory, automatically disables versions of Adobe Flash that aren't up-to-date for security reasons (though it provides the option for users to download the latest version for their system), and fixes a pair of other bugs. One of the issues could prevent webpages from responding to the pinch-to-zoom gesture on trackpads or Magic Mouse devices, while the other affected some websites that used forms to authenticate users.
In addition, Apple has updated Java for system on 10.6.8 and later. For Snow Leopard, the update is called Java for Mac OS X 10.6 Update 15, and upgrades Java SE 6 to version 1.6.0_45 as well as enabling site-by-site control of the plug-in in connection. For Lion and Mountain Lion, the update is referred to as Java for OS X 2013-003 and again updates any installations of Java SE 6 to version 1.6.0_45.
On systems that haven't already installed Java for OS X 2012-006, the update will disable the Java SE 6 web plug-in completely (users will still have the option to update to the latest version of Java SE 7, or install the 2012-006 update). Java applets outside of web browsers will continue to function normally. Lion and Mountain Lion users can also install Java SE 7 directly from Oracle's website in order to run the most recent version of Java, which has already been updated to deal with the previous security threats. Apple does not post updates to Java SE 7, having relinquished responsibility for it to Oracle with the release of Lion.