Security Update 2005-006 and Java applications

Posted by Pierre Igot in: Macintosh
June 20th, 2005 • 5:43 am

A number of Mac OS X machines in my employer’s offices use a custom-made Java application that communicates with a library management system on a central Solaris server. Mac OS X support has always been a bit dicey — the provider of the library management system is, predictably, more familiar with client computers running Windows.

We only have a couple of machines running Tiger. All the other ones are still running Panther and things will probably remain the same in the foreseeable future. (Most users have no need for Tiger’s features.)

The library management provider does not know that we have upgraded a couple of machines to Tiger and would probably say that they do not support the use of their Java application on this new system if we ran into problems. But so far, it’s been working OK.

Then today, my colleague, who has one of the two machines that run Tiger, phoned to report that she was no longer able to use the Java application. She initially thought that it was a problem with the network, because other users (with Panther machines) were having problems too — but then the problems experienced by the other users disappeared. Her Tiger machine, however, was still unable to run the Java application.

It turned out that she had installed Apple’s latest security update this morning, simply because Software Update had popped open and suggested that she install it, and she thought it was the right thing to do.

While we had no hard proof that this was the cause of the problem, the software update was the most likely cause just the same. I looked through the information provided by Apple on the update and, while there is no mention of Java, there are a couple of items that sound like they could indirectly affect proprietary applications that might not be 100% kosher in terms of complying with Mac OS X security standards, etc.

We tried a few things, such as trashing a few Java cache files, repairing permissions, etc. Nothing worked.

The problem here was that there is no easy way to “undo” a security update. All you can do is reinstaller Tiger from the DVD, using the “Archive and Install” option. It’s a rather painful procedure.

I couldn’t think of any other solution. Then I thought that maybe she should try re-running the Mac OS X Update 10.4.1 installer. I thought that it probably wouldn’t work — since Security Update 2005-006 was a more recent system update — but that she didn’t have anything to lose. Much to my surprise, it turned out that it is possible to re-install Mac OS X Update 10.4.1 over a system that has already been updated with Mac OS X Update 10.4.1 and with Security Update 2005-006.

And, to our great relief, re-applying the 10.4.1 update fixed the problem with the Java application! After re-applying the update, when my colleague tried to relaunch the Java application that would refuse to launch, it went through the process that it typically goes through the first time you run it, asking you if you are sure that the remote server that the Java application is communicating with is secure, etc. But after that it worked just fine.

I then asked her to run Software Update again, just to see whether Mac OS X would recommend that she install Security Update 2005-006 again. Again, to my surprise, it said that her system was up-to-date.

The moral of this story? If you install Security Update 2005-006 and have problems with Java applications after that, try reapplying Mac OS X System Update 10.4.1. You never know. It might fix the problem!

Comments are closed.

Leave a Reply

Comments are closed.