Oracle pulls Java 6 plug, but Apple likely to keep patching OS X Snow Leopard
If past practice is a clue, Apple will support Java 6 on Snow Leopard until second half of 2014
Computerworld - Apple on Monday patched Java 6 for OS X, following Oracle's lead and quashing a browser plug-in vulnerability that hackers have been exploiting.
Oracle issued the "out-of-band," or emergency, update for Java 6 and Java 7 to patch two critical vulnerabilities. One of those bugs -- designated CVE-2013-1493 -- has been exploited in the wild since at least Feb. 28, according to security firm FireEye, which discovered the attacks.
Because Apple maintains Java 6 for OS X -- unlike Java 7, which Oracle handles -- it followed with its own update, as usual.
But Oracle also said that Monday's update would be the final for the aging software. "This release is the last of publicly available JDK 6 Updates," Oracle said in its release notes. "Oracle recommends that users migrate to JDK 7 in order to continue receiving public updates and security enhancements."
That advice works for Windows users: Java 7 runs on all Microsoft-supported versions of its operating system, including Windows XP.
However, not all Mac users can upgrade to Java 7, which requires OS X Lion, or its successor, Mountain Lion. According to Web metrics company Net Applications, 37% of all Macs last month ran a version of OS X older than Lion. The majority of those users relied on OS X Snow Leopard, the 2009 operating system that is stubbornly resisting retirement.
But that doesn't necessarily mean that Snow Leopard users will be out in the cold, Java-wise.
Contrary to what Computerworld reported in December, when it said Snow Leopard users would be without Java 6 security updates as soon as Oracle pulled the plug, further investigation has provided more than a glimmer of hope.
Apple relies on Oracle to craft Java 6 patches, and so without Oracle creating patches, Apple would seemingly have nothing to distribute. Not quite.
Oracle will continue to come up with security patches for Java 6, but those will only be distributed to enterprises that have negotiated contract support plans with Oracle. And if the past is any indicator, Apple will have access to those only-for-corporate-customers patches and will use them to draft updates for its own users.
The future is murky, as it always is with Apple support -- unlike Microsoft, the company does not spell out its support policies in black and white -- but there is precedent.
For OS X 10.5, known as Leopard, Apple provided Java 5 updates well after Sun Microsystems, the creator and former owner of Java, stopped serving public patches.
Sun stopped Java 5 support with Java 5 Update 22 (Java 5u22), which it released Nov. 4, 2009. But Apple continued to issue Java 5 updates for Leopard until June 2011, when it released patches that it said pushed the software up to Java 5u30.
- Security, Privacy and Trust in Email Management This white paper discusses a SaaS-based email management solution that delivers the security, continuity and archiving capabilities your organization demands.
- Unifying Secuirty Operations Agile enterprises know that the way to quickly identify and react to threats to the business is to break down operational siloes by...
- Is Your Credit Card Data Safe from Hacks? News of recent credit card hacks has rocked consumer confidence. Even talk of a security breach can bring on a PR firestorm. What...
- Improving IT Efficiencies: Four Advantages of Multi-Tenant Data Centers Increasing demands on IT are forcing organizations to rethink their data center options. For many organizations, that means turning to the flexibility afforded...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Application Security White Papers | Webcasts