For applets using LiveConnect that:
- Are properly signed
- Utilize the permissions attribute
- Specify caller-allowable-codebase (wildcard or explicit URL)
Treat all inbound LiveConnect calls from the allowable codebase(s) as "trusted" even if the current JRE is below the security baseline.
As part of our efforts to secure systems that rely on the Java Plugin we added increased restrictions to the JRE that kick in whenever the JRE falls below the security baseline or expires. One such restriction is that self-signed and unsigned code can no longer run by default.
LiveConnect calls are always considered "unsigned" so even though the applet that handles LiveConnect calls might be properly signed we still treat the application as "unsigned".
With the release of 7u45, which drove 7u25 and 7u40 to below the security baseline, calls to LiveConnect, even to applets that are being properly maintained, signed and with all the new required attributes present (e.g. caller-allowable-codebase is included in the manifest), are being blocked by default on systems that are not updated to the latest JRE (7u45). Companies that rely on services provided by LiveConnect applets consumed by users outside of their control are having to ask their end users to update to 7u45 or to lower the security slider for 7u40/7u25 to medium to continue being able to use their services.
This has already resulted in high-level escalations to which the only answer we can give is you must "encourage" your users to update to 7u45, and you will have to do this again with every JRE update that moves the security baseline.
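An added example, not part of the original report or the JRE's own code: a Python audit that reads an applet JAR's manifest and reports on the conditions listed at the top (signature files present, Permissions, Caller-Allowable-Codebase). The sample JAR is constructed inline, `audit_jar` and `build_sample_jar` are hypothetical names, and the signature check only looks for signature block files; it does not validate them.

```python
import io
import zipfile

REQUIRED = ("permissions", "caller-allowable-codebase")

def parse_manifest_main(text):
    """Return the main-section manifest attributes, names lower-cased."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            break  # a blank line ends the main section
        if line.startswith(" ") and last:
            attrs[last] += line[1:]  # continuation of a wrapped value
            continue
        name, _, value = line.partition(":")
        last = name.strip().lower()
        attrs[last] = value[1:]  # drop the single space after the colon
    return attrs

def audit_jar(data):
    """Audit raw JAR bytes for the attributes the report relies on."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = [n.upper() for n in jar.namelist()]
        attrs = parse_manifest_main(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
    # Presence of a signature block file only; the chain is not verified here.
    has_sig = any(n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC"))
                  for n in names)
    callers = attrs.get("caller-allowable-codebase", "").split()
    return {
        "signature_block_present": has_sig,
        "permissions": attrs.get("permissions"),
        "caller_allowable_codebase": callers,
        "wildcard_callers": any("*" in c for c in callers),
        "missing": [a for a in REQUIRED if a not in attrs],
    }

def build_sample_jar(manifest_text, signed):
    """Build a constructed in-memory JAR; signature files are empty stand-ins."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest_text)
        if signed:
            jar.writestr("META-INF/SAMPLE.RSA", b"")
    return buf.getvalue()

# Constructed manifest; the last value is wrapped onto a continuation line.
SAMPLE_MANIFEST = ("Manifest-Version: 1.0\r\nPermissions: sandbox\r\n"
                   "Caller-Allowable-Codebase: https://portal.example.com https://app.exam\r\n"
                   " ple.com\r\n\r\n")
```

A wildcard entry is worth flagging in review because it lets JavaScript from any matching page call into the applet.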