Does Apple's Java move mean a less secure Mac?
Security experts take sides over Java patching
Computerworld - Security experts are split over whether Apple's decision to hand over Java to an Oracle-backed open-source project is a good deal for Mac users.
On Friday, Apple announced it would join Oracle's OpenJDK and contribute "most of the key components, tools and technology required for a Java SE 7 implementation on Mac OS X."
The move followed Apple's earlier decision to "deprecate" Java -- in other words, to stop bundling the software with Mac OS X -- in future versions of the operating system.
On Friday, Apple committed to continue shipping Java SE 6 with Mac OS X 10.6, aka Snow Leopard, and in the next edition, Mac OS X 10.7, known as Lion. The latter is set to launch in the third quarter of 2011. Apple will also patch Java SE 6 in those operating systems.
But Java SE 7, and all later versions of the software for Mac OS X, will come from Oracle, not Apple.
One security researcher thinks that would make Mac users less secure in the long run.
"Instead of having to worry about one thing being updated -- the operating system -- users will now have to worry about three things being kept up to date: the OS, Java and Flash," said Charlie Miller, an analyst with Baltimore-based Independent Security Evaluators (ISE) and co-author of The Mac Hacker's Handbook.
"This is what people on Windows have done, and I think history shows that people aren't very good at keeping these up to date," said Miller in an e-mail reply to questions about Apple deprecating Java. "Until now, out of the box, the browser could handle just about anything since Java and Flash were installed. Just updating the OS kept these up to date. [In the future], the browser won't handle many popular sites and if you download the plug-in, you have to worry about it getting out to date."
Apple has also decided to ditch Adobe's Flash Player, which like Java has been pre-installed on Macs. Apple has provided patches for Flash Player as part of its normal security updates, but may discontinue that practice as well.
Dino Dai Zovi disagreed with his The Mac Hacker's Handbook co-author.
"If Apple can't release patches at the same time that Oracle does, they should let Oracle do it," said Dai Zovi, a New York-based security consultant.
- Long replacement cycle drags down iPad sales
- Apple unwraps OS X Yosemite public beta Thursday
- Apple grows Mac sales by 18% on the back of the MacBook Air
- Want an Apple watch? Just 3D print one
- What to listen for during Apple's earnings call today
- Mac sales will again outstrip industry average
- Apple, IBM spell out enterprise support for iPhone, iPad
- Timeline: How Apple's iOS gained enterprise cred
- Apple and IBM: A winning combo for IT
- Why Microsoft isn't spooked by the Apple-IBM alliance
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!