Two new updates are available for Mac users that aim to increase security and control over how the Java web plugin runs in the Safari web browser. Named as Java for OS X 2013-003 and Safari 6.0.4 (or Safari 5.1.9 for older versions of OS X), the updates are available right now through Software Update via the Apple menu. The updates combine to roughly 110MB and requires Safari be quit before installing, though a reboot is not necessary, and should be considered must-have upgrades to existing software for those who use Safari and/or Java on the Mac.
Once installed, you will find a new security option in Safari that makes it easier to disable Java, and also gives you finer tuned controls over how Java runs, giving per-website access to the plugin with four different security settings for how and when Java is allowed to run.
Fine Tune Java Controls Per Website in Safari for Mac OS X
The first time you visit a website that attempts to use Java you will get a prompt giving you the ability to Allow or Deny the Java app from running. Whichever the option chosen, the site attempting to use Java will then be added to the access list which can be later adjusted manually as follows:
- Pull down the “Safari” menu and choose “Preferences”, then choose the “Security” tab
- Click “Manage Website Settings” to access the new Java security panel
- A list of websites that have attempted to use Java will be visible in this list, with a submenu alongside the URL indicating the status of the Java plugin for that site
- Click into the submenu to change Java permissions per website: Ask Before Use, Block Always, Allow, Allow Always
Apple explains the four options as follows:
Ask Before Using: Safari presents the option to Block or Allow the Java web plug-in. If an update is available for Java, Safari directs you to download the latest version.
Block Always: Safari presents “Blocked Plug-in” text in the place of the Java web plug-in content. Clicking “Blocked Plug-in” will bring up the option to Block or Allow the Java web plug-in for that website.
Allow: Websites set to “Allow” can run the Java web plug-in as long as the installed version of Java has no known critical security issues. If an update is available for Java, Safari directs you to download the latest version.
Allow Always: The Java web plug-in will run without prompts from Safari. This setting is only recommended for trusted websites that require the Java web plug-in, such as websites that are only accessible on your company’s intranet.
This is an excellent way to manage Java for very specific needs, without going all out and disabling it completely in OS X. Many users require Java for accessing banking websites and intranets, thus you can now effectively whitelist those websites for Java access, while easily blocking the rest from using the plugin.
Java is often the primary attack vector for malware and trojans that have afflicted OS X, and thus it’s fairly easy to prevent much malware from coming to the Mac by having strict rules regarding Java use, making this update all the more important for all users.