Apple pours OS X Snow Leopard another Java fix
34 patches from Cupertino for the aged -- but still alive -- Java 6
Computerworld - Apple on Tuesday patched Java 6 for OS X Snow Leopard, Lion and Mountain Lion, fixing 34 flaws that Oracle addressed the same day for Windows.
The update reiterated Apple's intent to keep patching Snow Leopard, the five-year-old operating system that remains the second-most-popular version on the Mac.
Because Snow Leopard users cannot upgrade to Java 7 -- Oracle's newest edition requires Lion or its 2012 successor, Mountain Lion -- they must rely on the older Java 6, which Apple maintains. Oracle itself deals out fixes for Java 7 bugs.
Apple is able to supply fixes for Java 6 because Oracle continues to investigate vulnerabilities and work up patches for the Windows version, even though it once pledged to retire the software in February. Oracle has not said how long it will continue to provide patches for Java 6 on Windows, and thus how long Apple will be able to issue security updates to customers running Snow Leopard.
Its website, for example, continues to claim that public support has ended.
Apple would be well-advised to keep patching Snow Leopard; in May the operating system powered 25% of the Macs that went online, according to statistics from analytics vendor Net Applications.
There's been little sign from Apple -- which is notoriously close-mouthed about its security practices -- that it plans to stop patching Snow Leopard any time soon. Earlier this month the Cupertino, Calif. company issued a security update of its own for Snow Leopard.
Apple's apparent decision to continue patching OS X 10.6, the numerical designation for Snow Leopard -- may be tested later this year when it launches OS X 10.9 Mavericks. At the time of Mavericks' debut, which Apple has pinpointed only as "this fall," the company will have four versions to support if it doesn't drop Snow Leopard from the list.
In the past, Apple only supported two versions simultaneously, the newest and the one immediately before that.
The Java 6 update for Snow Leopard, Lion and Mountain Lion can be retrieved by selecting "Software Update..." from the Apple menu, or by opening the Mac App Store application and clicking the Update icon at the top right. The update can also be downloaded manually from Apple's support site.
Java 7 for OS X, which was also patched Tuesday, can be downloaded from Oracle's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His email address is email@example.com.
- Researcher claims two hacker gangs exploiting unpatched IE bug
- Update: Third of Internet Explorer users at risk from attacks
- Microsoft plans another short patch slate for next week, but finds a few XP bugs to crush
- Target attack shows danger of remotely accessible HVAC systems
- Target hackers try new ways to use stolen card data
- Update: Microsoft to patch just-revealed Windows zero-day tomorrow
- NSA spying prompts open TrueCrypt encryption software audit to go viral
- Microsoft warns of Office zero-day, active hacker exploits
- Hackers move to create next Blackhole after 'Paunch' arrest
- Adobe hack shows subscription software vendors lucrative targets
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts