Apple patches critical Mac bugs with Java updates

Continues to fix Java flaws in Leopard, Snow Leopard even though Lion won't include the Oracle software

Apple on Tuesday shipped a Java security update to Leopard and Snow Leopard users that patched a total of 27 vulnerabilities in the Oracle software.

Apple said that some of the bugs could be exploited to execute attack code outside the Java sandbox, which would make it possible for hackers to hijack a vulnerable Mac. However, the company did not spell out how many of the vulnerabilities could be exploited to "execute arbitrary code," its way of saying that the flaws should be considered critical.

Mac OS X 10.5, a.k.a. Leopard, received an update that patched 16 vulnerabilities in Java SE 6 and another 11 in Java SE 5. The update for the newer Mac OS X 10.6, a.k.a. Snow Leopard, also patched the 16 bugs in Java SE 6.

The Java SE 6 update fixed the same flaws that Oracle patched with the 1.6.0_24 security update issued on Feb. 15, 2011.

Tuesday's Java update was the first for Apple since mid-October 2010.

Shortly before that, Apple "deprecated" the Java runtime on Mac OS X -- telling developers not to rely on it being present in the operating system -- and announced that it would contribute the tools and technologies it had created to build Java SE 7 to Oracle's OpenJDK open-source project.

In other words, Apple was indicating that it planned to stop its own development of Java for Mac and would drop it from future versions of the operating system.

The company did commit to continuing to support Java in Leopard and Snow Leopard, however.

"The Java runtime shipping in Mac OS X 10.6 Snow Leopard, and Mac OS X 10.5 Leopard, will continue to be supported and maintained through the standard support cycles of those products," Apple said on its developer Web site last October.

Last year's announcement hinted that Apple would not bundle a Java runtime with Mac OS X 10.7, a.k.a. Lion, the operating system upgrade slated to ship this summer. Reports, including one by AppleInsider last month, confirmed that Java is AWOL from Lion.

Experts are split on the question of whether the disappearance of Java from Mac OS X will improve the operating system's security.

The Java updates, which range between 75MB and 120MB in size, can be downloaded at the Apple site or installed using the operating system's integrated update service.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@ix.netcom.com.
