Allow the Java Plug-In on a Per Website Basis with Java & Safari Updates for OS X
Two new updates are available for Mac users that aim to increase security and control over how the Java web plugin runs in the Safari web browser. Named as Java for OS X 2013-003 and Safari 6.0.4 (or Safari 5.1.9 for older versions of OS X), the updates are available right now through Software Update via the Apple menu. The updates combine to roughly 110MB and requires Safari be quit before installing, though a reboot is not necessary, and should be considered must-have upgrades to existing software for those who use Safari and/or Java on the Mac.
Once installed, you will find a new security option in Safari that makes it easier to disable Java, and also gives you finer tuned controls over how Java runs, giving per-website access to the plugin with four different security settings for how and when Java is allowed to run.
Fine Tune Java Controls Per Website in Safari for Mac OS X
The first time you visit a website that attempts to use Java you will get a prompt giving you the ability to Allow or Deny the Java app from running. Whichever the option chosen, the site attempting to use Java will then be added to the access list which can be later adjusted manually as follows:
- Pull down the “Safari” menu and choose “Preferences”, then choose the “Security” tab
- Click “Manage Website Settings” to access the new Java security panel
- A list of websites that have attempted to use Java will be visible in this list, with a submenu alongside the URL indicating the status of the Java plugin for that site
- Click into the submenu to change Java permissions per website: Ask Before Use, Block Always, Allow, Allow Always
Apple explains the four options as follows:
Ask Before Using: Safari presents the option to Block or Allow the Java web plug-in. If an update is available for Java, Safari directs you to download the latest version.
Block Always: Safari presents “Blocked Plug-in” text in the place of the Java web plug-in content. Clicking “Blocked Plug-in” will bring up the option to Block or Allow the Java web plug-in for that website.
Allow: Websites set to “Allow” can run the Java web plug-in as long as the installed version of Java has no known critical security issues. If an update is available for Java, Safari directs you to download the latest version.Allow Always: The Java web plug-in will run without prompts from Safari. This setting is only recommended for trusted websites that require the Java web plug-in, such as websites that are only accessible on your company’s intranet.
This is an excellent way to manage Java for very specific needs, without going all out and disabling it completely in OS X. Many users require Java for accessing banking websites and intranets, thus you can now effectively whitelist those websites for Java access, while easily blocking the rest from using the plugin.
Java is often the primary attack vector for malware and trojans that have afflicted OS X, and thus it’s fairly easy to prevent much malware from coming to the Mac by having strict rules regarding Java use, making this update all the more important for all users.
ok update I have noticed that my bank website does not show in the list of sites the as tried to access java. even though when java is off the login page says it needs have to access and i can’t login.
it would be nice if apple gave us back the Ability to add sites manually in safari. this bites.
in safari 7.0.2 on OSX 10.9.2 I am wanting to turn off java plugin for most websites. I would like to be able to manually add websites in the java settings window. but this is not possible is there another way to do it. I have one website particually that i trust and need it to run. it is a pain to have to turn on and off settings each time I access the site when using safari
I can do this in Firefos, Chrome, and opera browsers easily. it would be helpful if i can do this in Safari to.
I _NEED_ to upload to a customer’s website and, unfortunately, they’re Java based. (Rather creepy seeing that a website can peer into my MacBook.) Anyway, I’m running 10.6.8 and, after the “update”, I can no longer upload files to their website. Properly screwed, I had to resort to an old G5 running 10.4.11 with Safari 4.1.3 to finish the job. Ahhh!… “Progress”! :(
Can anyone direct me to where I can download the previous version of Java? I need to pay bills, not play Windows PC!
Tried to install 5.1.9 in my Lion. Didn’t work of course. When I peeked inside the .pkg there’s a file called Distribution with am initial version check. If anyone have a fix/tip/hint/workaround for that, I’d appreciate that. Either if it’s possible to edit files inside a .pkg or a general “howto” to get it installed in Lion.
(Haven’t tried to extract every file and move them into their places. Feels like it’s more to it, than just that.)
/Eric
5.1.9 is for Snow Leopard *only*. In Lion you use Software Update to get 6.0.4.
Sorry, my goof. In the updates, Apple hides all system updates in one note. I do not want iTunes 11 so I normally ignore this note. Safari 6.0.4 is hidden in w iTunes 11 update note.
Again, I went to Apple/Software Update on my iMac and there is no update available as you describe. Is this a late April Fools joke?
I went to the Apple info page on the web you linked, but there is no download EITHER. No download under Apple/Software Update EITHER.
Give me the direct download link, IF THEREIS ONE?
I get no software updates for Safari past 6.0.3, through Apple/Software Updates. Where did you guy’s get this information and downloads. There is nothing at Apple to download.
> Software Update opens the App Store, then go to Updates to find them.
The Safari & Java updates are available for all Mac OS X Mountain Lion, Lion, and Snow Leopard users.
You can read more here from Apple:
http://support.apple.com/kb/HT5678
Great feature addition, feels long overdue! If only Chrome and Firefox had the same…
Firefox and Chrome also have a similar option for quite some time called “click-to-play”. You can set plugins (java, flash, quicktime, etc.) permission on a per website basis.