Oracle to stop patching Java 6 in February 2013
Presents problems for Mac owners running Snow Leopard and earlier versions of OS X
Computerworld - Java 6 will be retired from security support in less than two months, and users and businesses should prepare now for its demise, experts said today.
Oracle will publicly patch Java 6 for the last time on Feb. 19, 2013. After that date, only enterprises with contract support plans will receive security updates, according to the Java support roadmap.
That means consumers and most businesses should upgrade to Java 7 as soon as possible, said security professionals Wednesday.
"If you're not able to upgrade [to Java 7], you'd better have some pretty deep in-depth defenses in place," warned Jason Miller, manager of research and development at VMware.
Miller has a point: In 2012, Java vulnerabilities were widely targeted by exploit writers and hackers. Last March, for example, approximately 2% of all Macs were infected with Flashback, malware that exploited a Java bug that Apple was sluggish in patching, even though Oracle had issued fixes for other platforms.
Apple continues to maintain Java 6 for OS X users but ceded responsibility for Java 7 to Oracle in 2010.
Miller thought there was more to Oracle's decision to push aside the 2006 software than Java 6's longer-than-usual life. "Java 6 was Sun's Java," Miller noted. "Java 7 is Oracle's first. It's Oracle's product now."
Oracle acquired Sun Microsystems in late 2010 after it offered $7.4 billion for Java's creator the year before. Oracle released Java 7 in July 2011.
Although Oracle extended Java 6's EOL, for "end-of-life," twice this year -- first from July to November 2012, then again from November 2012 to February 2013 -- Miller was certain that this time the date would stick.
"At some point, they just have to say it's retired," said Miller, comparing Oracle's situation to that of Microsoft, which has delayed Windows XP's retirement, but now seems ready to stand by an April 2014 expiration date.
While individuals may have little trouble upgrading to Java 7, enterprises face a bumpier road.
IT administrators and Java developers are the most at risk of not making the deadline, said Miller. "They really need to test their [Java] apps," said Miller, and if necessary, rebuild or modify their in-house and public apps.
The bright spot is that users and enterprises have six months to dump Java 6 before they'll miss a bug fix. After the Feb. 19 update, the next Java patches will be released June 18, 2013. "Between now and June, enterprises should be testing [Java 7] and deploying it," Miller recommended.
Java 6's support death presents special problems for Mac users. While Java 7 runs on all current editions of Windows, including the 11-year-old Windows XP, it requires OS X 10.7, aka Lion, or its successor, Mountain Lion, on Macs.
- Security, Privacy and Trust in Email Management This white paper discusses a SaaS-based email management solution that delivers the security, continuity and archiving capabilities your organization demands.
- Unifying Secuirty Operations Agile enterprises know that the way to quickly identify and react to threats to the business is to break down operational siloes by...
- Is Your Credit Card Data Safe from Hacks? News of recent credit card hacks has rocked consumer confidence. Even talk of a security breach can bring on a PR firestorm. What...
- Considerations For Effective Software License Management For many reasons, software license management has become a critical issue for many IT organizations and enterprise's alike. With many licensing options, hurdles...
- It's not too late...Get Your Mobile Questions Answered Live! How can IT provide seamless and secure mobile communications and collaboration for all? Join this live Webcast as IDG asks an expert panel...
- Why do you need an enterprise mobile platform? Today companies must offer great apps that run on a range of devices, and connect to an exploding set of backend data. Appcelerator... All Application Security White Papers | Webcasts