Sun Microsystems managed to fix multiple security vulnerabilities in JDK and JRE months ago now, so why has it taken Apple so long to finally plug pretty much the same Java holes in Mac OS X?

Apple has known that its Java implementation has been, quite frankly, screwed since way back when. At least since April, because that is when Sun Microsystems started shipping security updates that fixed the flaws it had uncovered. Fast forward through the summer and, at long last, Apple has finally managed to sort out the problems with its own version of Java and announce updates to plug at least two dozen security holes in the OS X versions.

There are, in fact, two updates available to download from Apple. The first applies to Java for Mac OS X 10.4 and updates J2SE 5.0 to version 1.5.0_16, as well as Java 1.4 to version 1.4.2_18. The second applies to Java for Mac OS X 10.5, and promises "improved reliability and compatibility for Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.5.4 and later" by updating Java SE 6 to version 1.6.0_07, J2SE 5.0 to version 1.5.0_16, and J2SE 1.4.2 to 1.4.2_18.

Apple notes that the release of J2SE 5.0 and J2SE 1.4.2 supports all Intel and PowerPC-based Macs, while Java SE 6 is available on 64-bit, Intel-based Macs only.

The big question that Apple has to answer is why so long? I mean, if Sun can ship fixes for Windows and Linux versions out 5 months back, why should Apple users have to wait until now? More to the point, why should Apple users have to be exposed to so many security flaws for such an extended period of time?

These are critical vulnerabilities after all, the kind that can enable an attacker to inject malicious code easily enough. If I were Apple, I would be slapping myself for being so lethargic. Just because Macs have a good reputation for being relatively secure, at least when compared to Windows and Linux systems, there is no excuse for looking like you simply don't give a damn!

Certainly, at this rate, pretty soon you won't be able to claim that Apple is better than Windows or Linux, fanbois...

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

9 Years
Discussion Span
Last Post by IsaacU

In your haste only one of those updates by Sun had anything to do with Apple. SOOooo it's not as bad as you made it seem.


You are so impatient.
Calm down.
Consult with Rosy Palm as much as possible.

There are ZERO viruses for Mac OS X.
There are NO attacks on Mac OS X computers.

The sky is not falling, Chicken Little.

And now, Mac OS X is even more secure.


Hmmm?? Is funny how fanboys only apply to Apple users! I think Davey is a fanboy himself, first of all Linux also has a lot of vulnerabilities, not every one is a happy geek like you and uses apple for other stuff that Linux can't deliver. Apple is by far the best OS overall and deploying a java bug 5 month after is not gonna lose its place as the best OS. Linux needs a lot of work and windows, well I don't wanna get started there because there many reason why windows SUCK. I use linux ubuntu server and my mac to develop so I know what I'm talking about sadgeek.


IBM and Sun Microsystems both make computer systems for the corporate world. By purchasing Sun, IBM would get a leg up in the global finance and telecommunications markets. Representatives from both sides have yet to comment as of this writing. Sun Microsystems is both information technology and software company, and been recognized since the 80s. They had become one of the biggest competitors with Microsoft for IT and corporate software and hardware. However, after the dot com bust in the early 2000s, Sun Microsystems has begun to struggle a bit. Instant payday loans aren't really going to help them, but they have entered negotiations with IBM for a buyout that's supposed to total around $6.5 billion. News of the talks has boosted Suns' stock on the market. It may be the best move for them to avoid staring down bankruptcy, which would be a disaster for a firm as large as Sun Microsystems.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.