Sun Microsystems managed to fix multiple security vulnerabilities in JDK and JRE months ago, so why has it taken Apple so long to finally plug pretty much the same Java holes in Mac OS X?
Apple has known that its Java implementation has been, quite frankly, screwed since way back when. At least since April, because that is when Sun Microsystems started shipping security updates that fixed the flaws it had uncovered. Fast forward through the summer and, at long last, Apple has finally managed to sort out the problems with its own version of Java and announce updates to plug at least two dozen security holes in the OS X versions.
There are, in fact, two updates available to download from Apple. The first applies to Java for Mac OS X 10.4 and updates J2SE 5.0 to version 1.5.0_16, as well as Java 1.4 to version 1.4.2_18. The second applies to Java for Mac OS X 10.5, and promises "improved reliability and compatibility for Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.5.4 and later" by updating Java SE 6 to version 1.6.0_07, J2SE 5.0 to version 1.5.0_16, and J2SE 1.4.2 to 1.4.2_18.
Apple notes that the release of J2SE 5.0 and J2SE 1.4.2 supports all Intel and PowerPC-based Macs, while Java SE 6 is available on 64-bit, Intel-based Macs only.
The big question that Apple has to answer is: why so long? I mean, if Sun could ship fixes for the Windows and Linux versions 5 months back, why should Apple users have to wait until now? More to the point, why should Apple users have to be exposed to so many security flaws for such an extended period of time?
These are critical vulnerabilities after all, the kind that can enable an attacker to inject malicious code easily enough. If I were Apple, I would be slapping myself for being so lethargic. Macs may have a good reputation for being relatively secure, at least when compared to Windows and Linux systems, but that is no excuse for looking like you simply don't give a damn!
Certainly, at this rate, pretty soon you won't be able to claim that Apple is better than Windows or Linux, fanbois...