Why did Apple take 5 months to fix 24 security holes in OS X Java?
Please support our Software Development advertiser: Programming Forums
Sep 26th, 2008, 9:42 am
Sun Microsystems managed to fix multiple security vulnerabilities in JDK and JRE months ago now, so why has it taken Apple so long to finally plug pretty much the same Java holes in Mac OS X?
Apple has known that its Java implementation has been, quite frankly, screwed since way back when. At least since April, because that is when Sun Microsystems started shipping security updates that fixed the flaws it had uncovered. Fast forward through the summer and, at long last, Apple has finally managed to sort out the problems with its own version of Java and announce updates to plug at least two dozen security holes in the OS X versions.
There are, in fact, two updates available to download from Apple. The first applies to Java for Mac OS X 10.4 and updates J2SE 5.0 to version 1.5.0_16, as well as Java 1.4 to version 1.4.2_18. The second applies to Java for Mac OS X 10.5, and promises "improved reliability and compatibility for Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.5.4 and later" by updating Java SE 6 to version 1.6.0_07, J2SE 5.0 to version 1.5.0_16, and J2SE 1.4.2 to 1.4.2_18.
Apple notes that the release of J2SE 5.0 and J2SE 1.4.2 supports all Intel and PowerPC-based Macs, while Java SE 6 is available on 64-bit, Intel-based Macs only.
The big question that Apple has to answer is why so long? I mean, if Sun can ship fixes for Windows and Linux versions out 5 months back, why should Apple users have to wait until now? More to the point, why should Apple users have to be exposed to so many security flaws for such an extended period of time?
These are critical vulnerabilities after all, the kind that can enable an attacker to inject malicious code easily enough. If I were Apple, I would be slapping myself for being so lethargic. Just because Macs have a good reputation for being relatively secure, at least when compared to Windows and Linux systems, there is no excuse for looking like you simply don't give a damn!
Certainly, at this rate, pretty soon you won't be able to claim that Apple is better than Windows or Linux, fanbois...
Apple has known that its Java implementation has been, quite frankly, screwed since way back when. At least since April, because that is when Sun Microsystems started shipping security updates that fixed the flaws it had uncovered. Fast forward through the summer and, at long last, Apple has finally managed to sort out the problems with its own version of Java and announce updates to plug at least two dozen security holes in the OS X versions.
There are, in fact, two updates available to download from Apple. The first applies to Java for Mac OS X 10.4 and updates J2SE 5.0 to version 1.5.0_16, as well as Java 1.4 to version 1.4.2_18. The second applies to Java for Mac OS X 10.5, and promises "improved reliability and compatibility for Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.5.4 and later" by updating Java SE 6 to version 1.6.0_07, J2SE 5.0 to version 1.5.0_16, and J2SE 1.4.2 to 1.4.2_18.
Apple notes that the release of J2SE 5.0 and J2SE 1.4.2 supports all Intel and PowerPC-based Macs, while Java SE 6 is available on 64-bit, Intel-based Macs only.
The big question that Apple has to answer is why so long? I mean, if Sun can ship fixes for Windows and Linux versions out 5 months back, why should Apple users have to wait until now? More to the point, why should Apple users have to be exposed to so many security flaws for such an extended period of time?
These are critical vulnerabilities after all, the kind that can enable an attacker to inject malicious code easily enough. If I were Apple, I would be slapping myself for being so lethargic. Just because Macs have a good reputation for being relatively secure, at least when compared to Windows and Linux systems, there is no excuse for looking like you simply don't give a damn!
Certainly, at this rate, pretty soon you won't be able to claim that Apple is better than Windows or Linux, fanbois...
•
•
•
•
This blog entry was written by Davey Winder, staff writer aka happygeek. It has been filed under the Software Development category. It has received 2,898 views, 3 comment(s), and 28 linkbacks. It was promoted to featured news status Sep 26th, 2008.
batitombo | Newbie Poster | Sep 28th, 2008
•
•
•
•
Hmmm?? Is funny how fanboys only apply to Apple users! I think Davey is a fanboy himself, first of all Linux also has a lot of vulnerabilities, not every one is a happy geek like you and uses apple for other stuff that Linux can't deliver. Apple is by far the best OS overall and deploying a java bug 5 month after is not gonna lose its place as the best OS. Linux needs a lot of work and windows, well I don't wanna get started there because there many reason why windows SUCK. I use linux ubuntu server and my mac to develop so I know what I'm talking about sadgeek.
jameskatt | Newbie Poster | Sep 27th, 2008
•
•
•
•
You are so impatient.
Calm down.
Consult with Rosy Palm as much as possible.
There are ZERO viruses for Mac OS X.
There are NO attacks on Mac OS X computers.
The sky is not falling, Chicken Little.
And now, Mac OS X is even more secure.
Calm down.
Consult with Rosy Palm as much as possible.
There are ZERO viruses for Mac OS X.
There are NO attacks on Mac OS X computers.
The sky is not falling, Chicken Little.
And now, Mac OS X is even more secure.
dylan214u@yahoo | Newbie Poster | Sep 26th, 2008
•
•
•
•
In your haste only one of those updates by Sun had anything to do with Apple. SOOooo it's not as bad as you made it seem.
Mathue | Newbie Poster | Sep 26th, 2008
•
•
•
•
If you want this article to come off better you might want to correct fanboi to fanboy. Otherwise it really comes off as a geek having a snit. Someone needs to amend the Godwins Law to include 'fanboi' 
http://en.wikipedia.org/wiki/Godwin's_law
http://en.wikipedia.org/wiki/Godwin's_law
Related Blog Entries
- Will Moonfruit destroy Twitter? (7 Hours Ago)
- Hotz does it again, iPhone 3GS is jailbroken!!! (2 Days Ago)
- Pink iPhone 3GS is hot stuff (3 Days Ago)
- Michael Jackson sparks celebrity death hoax epidemic (5 Days Ago)
- Professionals Poo Poo Passwords (9 Days Ago)
Related Forum Threads
- Java Encryption and Decryption (Java)
- facing problem in database connectivity in java to mysql (Java)
- Sql + Java (Java)
- Java Encryption error (Java)
- Where can ! get some coding about Java-Security (Java)
- java in mandrake linux 10.0 help (Java)
- Following tutorials and getting java.lang.NoClassDefFoundError (Java)
- JAVA Permission Blues.. :( (Java)