Apple patches critical Mac bugs with Java updates
Continues to fix Java flaws in Leopard, Snow Leopard even though Lion won't include the Oracle software
Computerworld - Apple on Tuesday shipped a Java security update to Leopard and Snow Leopard users that patched a total of 27 vulnerabilities in the Oracle software.
Apple said that some of the bugs could be exploited to execute attack code outside the Java sandbox, which would make it possible for hackers hijack a vulnerable Mac. However, the company did not spell out how many of the vulnerabilities could be exploited to "execute arbitrary code," its way of saying that the flaws should be considered critical.
Mac OS X 10.5, a.k.a. Leopard, received an update that patched 16 vulnerabilities in Java SE 6 and another 11 in Java SE 5. The update for the newer Mac OS X 10.6, a.k.a. Snow Leopard, also patched the 16 bugs in Java SE 6.
The Java SE 6 update fixed the same flaws that Oracle patched with the 1.6.0_24 security update issued on Feb. 15, 2011.
Tuesday's Java update was the first for Apple since mid-October 2010.
Shortly before that, Apple "deprecated" the Java runtime on Mac OS X -- telling developers not to rely on it being present in the operating system -- and announced that it would contribute the tools and technologies it had created to build Java SE 7 to Oracle's OpenJDK open-source project.
In other words, Apple was indicating that it planned to stop its own development of Java for Mac and would drop it from future versions of the operating system.
The company did commit to continuing to support Java in Leopard and Snow Leopard, however.
"The Java runtime shipping in Mac OS X 10.6 Snow Leopard, and Mac OS X 10.5 Leopard, will continue to be supported and maintained through the standard support cycles of those products," Apple said on its developer Web site last October.
Last year's announcement hinted that Apple would not bundle a Java runtime with Mac OS X 10.7, a.k.a. Lion, the operating system upgrade slated to ship this summer. Reports, including one by AppleInsider last month, confirmed that Java is AWOL from Lion.
Experts are split on the question of whether the disappearance of Java from Mac OS X will improve the operating system's security.
The Java updates, which range between 75MB and 120MB in size, can be downloaded at the Apple site or installed using the operating system's integrated update service.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Malware and Vulnerabilities White Papers | Webcasts