Apple patches critical Mac bugs with Java updates
Continues to fix Java flaws in Leopard, Snow Leopard even though Lion won't include the Oracle software
Computerworld - Apple on Tuesday shipped a Java security update to Leopard and Snow Leopard users that patched a total of 27 vulnerabilities in the Oracle software.
Apple said that some of the bugs could be exploited to execute attack code outside the Java sandbox, which would make it possible for hackers hijack a vulnerable Mac. However, the company did not spell out how many of the vulnerabilities could be exploited to "execute arbitrary code," its way of saying that the flaws should be considered critical.
Mac OS X 10.5, a.k.a. Leopard, received an update that patched 16 vulnerabilities in Java SE 6 and another 11 in Java SE 5. The update for the newer Mac OS X 10.6, a.k.a. Snow Leopard, also patched the 16 bugs in Java SE 6.
The Java SE 6 update fixed the same flaws that Oracle patched with the 1.6.0_24 security update issued on Feb. 15, 2011.
Tuesday's Java update was the first for Apple since mid-October 2010.
Shortly before that, Apple "deprecated" the Java runtime on Mac OS X -- telling developers not to rely on it being present in the operating system -- and announced that it would contribute the tools and technologies it had created to build Java SE 7 to Oracle's OpenJDK open-source project.
In other words, Apple was indicating that it planned to stop its own development of Java for Mac and would drop it from future versions of the operating system.
The company did commit to continuing to support Java in Leopard and Snow Leopard, however.
"The Java runtime shipping in Mac OS X 10.6 Snow Leopard, and Mac OS X 10.5 Leopard, will continue to be supported and maintained through the standard support cycles of those products," Apple said on its developer Web site last October.
Last year's announcement hinted that Apple would not bundle a Java runtime with Mac OS X 10.7, a.k.a. Lion, the operating system upgrade slated to ship this summer. Reports, including one by AppleInsider last month, confirmed that Java is AWOL from Lion.
Experts are split on the question of whether the disappearance of Java from Mac OS X will improve the operating system's security.
The Java updates, which range between 75MB and 120MB in size, can be downloaded at the Apple site or installed using the operating system's integrated update service.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts