Apple pours OS X Snow Leopard another Java fix
34 patches from Cupertino for the aged -- but still alive -- Java 6
Computerworld - Apple on Tuesday patched Java 6 for OS X Snow Leopard, Lion and Mountain Lion, fixing 34 flaws that Oracle addressed the same day for Windows.
The update reiterated Apple's intent to keep patching Snow Leopard, the five-year-old operating system that remains the second-most-popular version on the Mac.
Because Snow Leopard users cannot upgrade to Java 7 -- Oracle's newest edition requires Lion or its 2012 successor, Mountain Lion -- they must rely on the older Java 6, which Apple maintains. Oracle itself deals out fixes for Java 7 bugs.
Apple is able to supply fixes for Java 6 because Oracle continues to investigate vulnerabilities and work up patches for the Windows version, even though it once pledged to retire the software in February. Oracle has not said how long it will continue to provide patches for Java 6 on Windows, and thus how long Apple will be able to issue security updates to customers running Snow Leopard.
Its website, for example, continues to claim that public support has ended.
Apple would be well-advised to keep patching Snow Leopard; in May the operating system powered 25% of the Macs that went online, according to statistics from analytics vendor Net Applications.
There's been little sign from Apple -- which is notoriously close-mouthed about its security practices -- that it plans to stop patching Snow Leopard any time soon. Earlier this month the Cupertino, Calif. company issued a security update of its own for Snow Leopard.
Apple's apparent decision to continue patching OS X 10.6, the numerical designation for Snow Leopard -- may be tested later this year when it launches OS X 10.9 Mavericks. At the time of Mavericks' debut, which Apple has pinpointed only as "this fall," the company will have four versions to support if it doesn't drop Snow Leopard from the list.
In the past, Apple only supported two versions simultaneously, the newest and the one immediately before that.
The Java 6 update for Snow Leopard, Lion and Mountain Lion can be retrieved by selecting "Software Update..." from the Apple menu, or by opening the Mac App Store application and clicking the Update icon at the top right. The update can also be downloaded manually from Apple's support site.
Java 7 for OS X, which was also patched Tuesday, can be downloaded from Oracle's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His email address is email@example.com.
- Researcher claims two hacker gangs exploiting unpatched IE bug
- Update: Third of Internet Explorer users at risk from attacks
- Microsoft plans another short patch slate for next week, but finds a few XP bugs to crush
- Target attack shows danger of remotely accessible HVAC systems
- Target hackers try new ways to use stolen card data
- Update: Microsoft to patch just-revealed Windows zero-day tomorrow
- NSA spying prompts open TrueCrypt encryption software audit to go viral
- Microsoft warns of Office zero-day, active hacker exploits
- Hackers move to create next Blackhole after 'Paunch' arrest
- Adobe hack shows subscription software vendors lucrative targets
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts