Running Java in “Unsafe mode”

java, safari, security

Since the last Safari update (I'm on Lion, 10.7.5), I've been unable to connect to a client's VPN. Their VPN runs via a Java network client from Juniper Networks, and it appears to require write-access and chmod permissions on several folders. I can get around this by enabling "Run in Safe Mode" in Safari, which is what the client is recommending I do. I can't find anything about the security ramifications of doing this and I don't feel comfortable downgrading security on my system, even if it's for a client I trust. On the other hand, I don't know if I was running the software in "unsafe mode" before the update without knowing it (which is what I'm afraid was probably the case).

Does anyone know what the ramifications of running Java apps in "unsafe mode" are?

There is a knowledgebase article (Google cache) on this, which says they are working on a certified client. I understand it won't be out for another month.

Best Answer

It looks like unsafe mode allows the Java app full access to your filesystem, which is enough that a malicious Java app could do anything it wants (take over your computer, infect it with malware, spy on you, etc.). So, the name "unsafe mode" does seem appropriate here.

It's your call whether you want to take the risk. Personally, I wouldn't, on my own personal computer. I might set up a virtual machine and run the VPN client inside the VM, or ask the client for another solution that doesn't involve shooting holes in your computer's security. Right now, Java security is a bit of a mess; it's a shame we don't have better solutions available.
