The first time you visit a website that attempts to use Java you will get a prompt giving you the ability to Allow or Deny the Java app from running. Whichever the option chosen, the site attempting to use Java will then be added to the access list which can be later adjusted manually as follows:
- Pull down the “Safari” menu and choose “Preferences”, then choose the “Security” tab
- Click “Manage Website Settings” to access the new Java security panel
- A list of websites that have attempted to use Java will be visible in this list
- To change Java permissions per website chose one of the options: Ask, Block, Allow, Allow Always
Apple explains for Safari 6 the four options as follows (its similar for Safari 7):
Ask Before Using: Safari presents the option to Block or Allow the Java web plug-in. If an update is available for Java, Safari directs you to download the latest version.
Block Always: Safari presents “Blocked Plug-in” text in the place of the Java web plug-in content. Clicking “Blocked Plug-in” will bring up the option to Block or Allow the Java web plug-in for that website.
Allow: Websites set to “Allow” can run the Java web plug-in as long as the installed version of Java has no known critical security issues. If an update is available for Java, Safari directs you to download the latest version.
Allow Always: The Java web plug-in will run without prompts from Safari. This setting is only recommended for trusted websites that require the Java web plug-in, such as websites that are only accessible on your company’s intranet.
This is an excellent way to manage Java for very specific needs, without going all out and disabling it completely in OS X. Many users require Java for accessing banking websites and intranets, thus you can now effectively whitelist those websites for Java access, while easily blocking the rest from using the plugin.
Java is often the primary attack vector for malware and trojans that have afflicted OS X, and thus it’s fairly easy to prevent much malware from coming to the Mac by having strict rules regarding Java use, making this update all the more important for all users.