News that Apple has yet to fix a Java security bug on Mac OS X six months after its discovery should surprise no one. Apple lags behind Microsoft when it comes to handling security, and this latest fiasco only shows that Apple still doesn't take security seriously.
More than six months ago, Sami Kovu discovered a Java security flaw that would allow a Java applet in a Web browser to run malicious code without a user's knowledge or permission. The flaw is in Java, not in a specific operating system, so it affected Mac OS X, Windows, and Linux.
A while back, according to the Register, patches were available for Windows and Linux that fixed the problem. However, that's not the case with Mac OS X. Even though Apple recently released a whopper of a security update for Mac OS X, Java security hole wasn't patched.
This is just more evidence that Apple doesn't take security seriously. As I've said in the past, Apple can learn a lot from Microsoft about how to handle security. Apple doesn't patch fast enough and doesn't admit the truth about potential security issues, among other problems. Part of that may be a result of the myth that Macs are invulnerable to infections and hacks. Part of it may be that Apple uses that myth in its marketing. For whatever reason, though, Apple still doesn't take security seriously.
I'm not alone in saying this. Several security researchers have said that Macs are less secure than Windows or Linux. And one of them, Dino Dai Zovi, co-author of The Mac Hacker's Handbook and a security researcher, told The Register:
"In general Apple has been a little slower to apply upstream security updates in Java. Whenever basically they're lagging behind a vulnerability that's out and known, it's pretty significant. Potential hackers don't have to discover anything new; they can use a vulnerability that's already released."
It's time for Apple to finally get serious about security. The company makes a great operating system --- now it's time to make it more secure.