 |  |  |  |  |  |  |  |
Why did Apple take 5 months to fix 24 security holes in OS X Java?
Sun Microsystems managed to fix multiple security vulnerabilities in JDK and JRE months ago now, so why has it taken Apple so long to finally plug pretty much the same Java holes in Mac OS X?
Apple has known that its Java implementation has been, quite frankly, screwed since way back when. At least since April, because that is when Sun Microsystems started shipping security updates that fixed the flaws it had uncovered. Fast forward through the summer and, at long last, Apple has finally managed to sort out the problems with its own version of Java and announce updates to plug at least two dozen security holes in the OS X versions.
There are, in fact, two updates available to download from Apple. The first applies to Java for Mac OS X 10.4 and updates J2SE 5.0 to version 1.5.0_16, as well as Java 1.4 to version 1.4.2_18. The second applies to Java for Mac OS X 10.5, and promises "improved reliability and compatibility for Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.5.4 and later" by updating Java SE 6 to version 1.6.0_07, J2SE 5.0 to version 1.5.0_16, and J2SE 1.4.2 to 1.4.2_18.
Apple notes that the release of J2SE 5.0 and J2SE 1.4.2 supports all Intel and PowerPC-based Macs, while Java SE 6 is available on 64-bit, Intel-based Macs only.
The big question that Apple has to answer is why so long? I mean, if Sun can ship fixes for Windows and Linux versions out 5 months back, why should Apple users have to wait until now? More to the point, why should Apple users have to be exposed to so many security flaws for such an extended period of time?
These are critical vulnerabilities after all, the kind that can enable an attacker to inject malicious code easily enough. If I were Apple, I would be slapping myself for being so lethargic. Just because Macs have a good reputation for being relatively secure, at least when compared to Windows and Linux systems, there is no excuse for looking like you simply don't give a damn!
Certainly, at this rate, pretty soon you won't be able to claim that Apple is better than Windows or Linux, fanbois...
Apple has known that its Java implementation has been, quite frankly, screwed since way back when. At least since April, because that is when Sun Microsystems started shipping security updates that fixed the flaws it had uncovered. Fast forward through the summer and, at long last, Apple has finally managed to sort out the problems with its own version of Java and announce updates to plug at least two dozen security holes in the OS X versions.
There are, in fact, two updates available to download from Apple. The first applies to Java for Mac OS X 10.4 and updates J2SE 5.0 to version 1.5.0_16, as well as Java 1.4 to version 1.4.2_18. The second applies to Java for Mac OS X 10.5, and promises "improved reliability and compatibility for Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.5.4 and later" by updating Java SE 6 to version 1.6.0_07, J2SE 5.0 to version 1.5.0_16, and J2SE 1.4.2 to 1.4.2_18.
Apple notes that the release of J2SE 5.0 and J2SE 1.4.2 supports all Intel and PowerPC-based Macs, while Java SE 6 is available on 64-bit, Intel-based Macs only.
The big question that Apple has to answer is why so long? I mean, if Sun can ship fixes for Windows and Linux versions out 5 months back, why should Apple users have to wait until now? More to the point, why should Apple users have to be exposed to so many security flaws for such an extended period of time?
These are critical vulnerabilities after all, the kind that can enable an attacker to inject malicious code easily enough. If I were Apple, I would be slapping myself for being so lethargic. Just because Macs have a good reputation for being relatively secure, at least when compared to Windows and Linux systems, there is no excuse for looking like you simply don't give a damn!
Certainly, at this rate, pretty soon you won't be able to claim that Apple is better than Windows or Linux, fanbois...
0
•
•
•
•
If you want this article to come off better you might want to correct fanboi to fanboy. Otherwise it really comes off as a geek having a snit. Someone needs to amend the Godwins Law to include 'fanboi' 
http://en.wikipedia.org/wiki/Godwin's_law
http://en.wikipedia.org/wiki/Godwin's_law
0
•
•
•
•
In your haste only one of those updates by Sun had anything to do with Apple. SOOooo it's not as bad as you made it seem.
0
•
•
•
•
You are so impatient.
Calm down.
Consult with Rosy Palm as much as possible.
There are ZERO viruses for Mac OS X.
There are NO attacks on Mac OS X computers.
The sky is not falling, Chicken Little.
And now, Mac OS X is even more secure.
Calm down.
Consult with Rosy Palm as much as possible.
There are ZERO viruses for Mac OS X.
There are NO attacks on Mac OS X computers.
The sky is not falling, Chicken Little.
And now, Mac OS X is even more secure.
0
•
•
•
•
Hmmm?? Is funny how fanboys only apply to Apple users! I think Davey is a fanboy himself, first of all Linux also has a lot of vulnerabilities, not every one is a happy geek like you and uses apple for other stuff that Linux can't deliver. Apple is by far the best OS overall and deploying a java bug 5 month after is not gonna lose its place as the best OS. Linux needs a lot of work and windows, well I don't wanna get started there because there many reason why windows SUCK. I use linux ubuntu server and my mac to develop so I know what I'm talking about sadgeek.
0
•
•
•
•
IBM and Sun Microsystems both make computer systems for the corporate world. By purchasing Sun, IBM would get a leg up in the global finance and telecommunications markets. Representatives from both sides have yet to comment as of this writing. Sun Microsystems is both information technology and software company, and been recognized since the 80s. They had become one of the biggest competitors with Microsoft for IT and corporate software and hardware. However, after the dot com bust in the early 2000s, Sun Microsystems has begun to struggle a bit. Instant payday loans aren't really going to help them, but they have entered negotiations with IBM for a buyout that's supposed to total around $6.5 billion. News of the talks has boosted Suns' stock on the market. It may be the best move for them to avoid staring down bankruptcy, which would be a disaster for a firm as large as Sun Microsystems.
Similar Threads
- News Story: Security Holes Spring Up in Java Framework (Network Security)
- News Story: Apple ships 2.5 million Macs, sells 11 million iPods and 717,000 iPhones in just 3 months (Apple Hardware)
- News Story: Apple slow to patch iPhone security holes (Apple Hardware)
- News Story: Apple Security Update (Upcoming News Stories)
- Opera Rushes Out Another Security Fix (Windows NT / 2000 / XP)
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Network Security Posts
- Today's Posts
- Unanswered Threads
advertising age amd android apple appstore at&t avatar bluegene botnet browser business cellphone cellphones china chips copyright crime data database development dos downloads economy email encryption energy enterprise facebook firefox games gaming google government hacking hardware ibm ibm.news intel intelibm internet iphone ipod itunes java law leopard linux mac malware medicine memory microsoft mobile mozilla music news openoffice opensource os osx pc piracy porn privacy ps3 recession redhat research russia search security sex smartphone socialnetworking software sony spam stevejobs sun supercomputer supercomputing survey technology trends trojan twitter ubuntu uk video virus vista web windows windows7 working x86 xbox yahoo youtube
