News

Apple patches Java 6 for OS X Snow Leopard, Lion

Duplicates the defense-in-depth change Oracle issued last week

Senior Reporter, Computerworld |

Apple today issued a Java update for OS X Lion and Snow Leopard to make it more difficult for hackers to exploit other vulnerabilities.

The update brought Java 6 up to par with Oracle's version 35, which it released last Thursday, Aug. 30. Oracle's so-called "out-of-band," or emergency patch, fixed three bugs in Java 7 that hackers had already begun exploiting, and made one change to Java 6.

"[The latter] represents a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited," Oracle said in its advisory of a week ago.

Apple was required to provide the defense-in-depth update because it still maintains Java 6, which it bundled with 2009's OS X Snow Leopard and offered to users running 2011's Lion as an optional download when they encountered a Java applet on the Web.

However, Apple is not responsible for Java 7; the company handed back control of the software to Oracle in 2010. The OS X patches for the three Java 7 flaws, then, were produced by Oracle and shipped last week alongside the fixes for the Windows version of Java 7.

Today's Java patch was the first Apple update for OS X Snow Leopard since June 12. Although Snow Leopard still powers about a third of all Macs, Apple has likely halted security updates for that edition. If Apple follows past practice, it will continue to update a small group of homegrown and third-party components -- iTunes, Java, QuickTime and Safari -- in Snow Leopard for several months.

Java 6 version 35 can be downloaded from Apple's website for OS X Snow Leopard and Lion. Users running Java can also wait for Software Update to notify them that the Java download is available.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about security in Computerworld's Security Topic Center.

Related:

Senior Reporter Gregg Keizer covers Windows, Office, Apple/enterprise, web browsers and web apps for Computerworld.

Copyright © 2012 IDG Communications, Inc.

Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon