Apple Updates Java for Lion and Snow Leopard in Sync with Oracle

MacRumors

macrumors bot
Original poster
Apr 12, 2001
47,660
9,408





Apple yesterday released a pair of software updates for Java, issuing versions for both Lion and Snow Leopard. The update in part builds upon an earlier Java update for Lion that disabled automatic execution of Java applets in an attempt to minimize the impact of Java-based malware threats like Flashback.
This update configures web browsers to not automatically run Java applets. Java applets may be re-enabled by clicking the region labeled "Inactive plug-in" on a web page. If no applets have been run for an extended period of time, the Java web plug-in will deactivate.
As noted by Krebs on Security, the release is notable because it came on the same day that Oracle released updates for Java on other platforms. Apple has long been criticized for lagging on Java updates, a policy which allowed the Flashback malware to flourish as Mac systems remained unprotected against the threat even though Oracle had patched the vulnerability on other systems several months before.
The update Oracle released yesterday, Java 6 Update 33 and Java 7 Update 5, fixes at least 14 security flaws in the oft-attacked software that is installed on more than three billion devices worldwide. Apple's Java update brings Java on the Mac to 1.6.0_33, and patches 11 of the 14 security vulnerabilities that Oracle fixed in Tuesday's release. It's unclear whether those other three flaws simply don't exist in the Mac version of Java, but we'll take progress where we can get it.
With Java SE 7 set to come to the Mac later this year, control over updates is transitioning from Apple to the OpenJDK project, with both Apple and Oracle providing expertise to ensure that updates for Mac roll out on a timely basis. That transition was begun back in late 2010, with Steve Jobs noting at the time that having Apple responsible for Java updates on the Mac "may not be the best way to do it."

Article Link: Apple Updates Java for Lion and Snow Leopard in Sync with Oracle
 

dokujaryu

macrumors 6502
May 3, 2011
359
12
Irvine, California
Updating now. I use JDeveloper with Mac OS X which requires a symbolic link from classes.jar to the nonexistent on Mac rt.jar. The OpenJDK Mac OS X initiative is using the traditional jar names, so I hope this persists when Apple goes 7. (which it should since they are using OpenJDK)
 
Comment

TwinMonkeys

macrumors member
Feb 7, 2012
40
0
The JVM is a good platform for some kinds of software development (as long as you're not using Java lol) but its a good move to dump it from web browsers by default. I have not even seen a Java Applet in years - most people will never require this for common uses. In a corporate environment it might be necessary, but not for normal daily users.
 
Comment

dokujaryu

macrumors 6502
May 3, 2011
359
12
Irvine, California
Every IDE I use except X Code (Eclipse, NetBeans, JDeveloper) is written in Java for platform independence.

I do a lot of server side work in Java EE. It's a pretty common technology behind the websites you use. A lot of in-house applications are written and maintained in Java in big companies as well. (it's sort of the "new" Visual Basic if you will. Some places still use .NET and VB.NET heavily tho)

Personally I believe Java is getting better rather than worse. EE especially has come a long way since 1.4.2.
 
Comment

jerryobr

macrumors newbie
May 4, 2010
21
0
Instances of Flashback Virus?

Hi. I was wondering how many of you actually had an instance of the Flashback virus on your Mac's? I understand the importance of taking action to prevent its occurrence. I have a number of Macs, and none of them were ever infected. Same for many friends' Macs. Curious how widespread the infestation really turned out to be, versus the potential that security firms were touting.
 
Comment

Codyak

macrumors 6502
Apr 6, 2012
370
127
DC
Hi. I was wondering how many of you actually had an instance of the Flashback virus on your Mac's? I understand the importance of taking action to prevent its occurrence. I have a number of Macs, and none of them were ever infected. Same for many friends' Macs. Curious how widespread the infestation really turned out to be, versus the potential that security firms were touting.
I also didn't personally know anyone who got it.
 
Comment

50548

Guest
Apr 17, 2005
5,039
2
Currently in Switzerland
Hi. I was wondering how many of you actually had an instance of the Flashback virus on your Mac's? I understand the importance of taking action to prevent its occurrence. I have a number of Macs, and none of them were ever infected. Same for many friends' Macs. Curious how widespread the infestation really turned out to be, versus the potential that security firms were touting.
None here (or ever for that matter) - AND none for all my friends as well. Even after 10 years, there are still no viruses on OS X.
 
Comment

r.harris1

macrumors 6502a
Feb 20, 2012
830
928
Denver, Colorado, USA
Who cares about Java anyway/nowadays?
A tremendous amount of enterprise server-side development is Java-based. This means things like provisioning systems in telecom, billing systems, customer chat, preference management, identity management, etc behind a lot of the web sites you use will very likely have a strong Java presence, among many other things.

So the answer is "Lots of people and companies".
 
Comment

macsmurf

macrumors 65816
Aug 3, 2007
1,199
605
Who cares about Java anyway/nowadays?
Given that Java is one of the most popular programming language in the world, at lot of developers (including me) care. It means I can use my mac at work.

Also, due to a rather stupid decision on a national scale, Java is required for logging into banks in Denmark.
 
Comment

brdeveloper

macrumors 68030
Apr 21, 2010
2,535
191
Brasil
Who cares about Java anyway/nowadays?
Java developers mainly. "Facebook For Every Phone" app is in Java ME (mobile). A lot of corporate systems are Java SE and EE and sites are Java EE (server-side).

Java SE was never broadly adopted for the common user, although an operating system that wants to support corporative software (usage and development) must run Java apps.
 
Comment

klamse25

macrumors 6502a
Oct 25, 2009
610
6
Who cares about Java anyway/nowadays?
You're completely ignorant.
Java is the most widely used cross-platform language today.

PS: Ever heard of Minecraft? That game is based on Java.
So millions of people are "who care about Java."
 
Comment

TwinMonkeys

macrumors member
Feb 7, 2012
40
0
Who cares about Java anyway/nowadays?
The Java language is horrible for many purposes where you have a small team and want to get stuff done quickly, agreed. However, Java powers a lot of infrastructure around the world and is useful for many large services and will be important for a long time.

Additionally, the JVM is a proven and great overall platform for software development. Look at Clojure, Scala, Groovy, JRuby, plenty of others. All of these run on the JVM and there's a lot of very interesting software development possible through this even if you never directly touch Java.
 
Comment

juliazo

macrumors newbie
Jun 13, 2012
16
1
Link directing to previous (2012-003) update, anyone else?

Is anyone else redirected to the older version of the update when clicking on the Lion link? Trying to get the package separately to deploy over the network.

Thanks!
 
Last edited:
Comment

50548

Guest
Apr 17, 2005
5,039
2
Currently in Switzerland
A tremendous amount of enterprise server-side development is Java-based. This means things like provisioning systems in telecom, billing systems, customer chat, preference management, identity management, etc behind a lot of the web sites you use will very likely have a strong Java presence, among many other things.

So the answer is "Lots of people and companies".
Interestingly, it seems like I am not part of "lots of people" - Java has been deactivated on my Safari for months now, and I haven't even noticed it. :rolleyes:

----------

You're completely ignorant.
Java is the most widely used cross-platform language today.

PS: Ever heard of Minecraft? That game is based on Java.
So millions of people are "who care about Java."
Minecraft is available for iOS and does NOT require Java on the client side...not that I will ever play that POS, of course.

Again, my point was: From an end user's perspective, Java is close to irrelevant nowadays. I don't care if it is still widely used in the back office (programming languages and habits can always change anyway).
 
Comment

iDuel

macrumors 6502a
Jul 20, 2011
773
94
Greece/USA
Minecraft is available for iOS and does NOT require Java on the client side...not that I will ever play that POS, of course.
That isn't the point. The fact of the matter is that many consumers use Java for playing Java-based browser games. (i.e. Minecraft for PC & Mac which does require Java to be played in the web browser) I could also name off a few more browser-based Java games which are played by millions of users.
 
Comment

r.harris1

macrumors 6502a
Feb 20, 2012
830
928
Denver, Colorado, USA
Interestingly, it seems like I am not part of "lots of people" - Java has been deactivated on my Safari for months now, and I haven't even noticed it. :rolleyes:

----------



Minecraft is available for iOS and does NOT require Java on the client side...not that I will ever play that POS, of course.

Again, my point was: From an end user's perspective, Java is close to irrelevant nowadays. I don't care if it is still widely used in the back office (programming languages and habits can always change anyway).
Not really sure what your particular point is commenting in this thread if it has no relevance to you, though hey, your time is your own. I'm also not sure whether anyone cares, really, if you use it on your Mac or if you've shut down access, or whatever (but maybe that's just me :)) but to call it irrelevant is to perhaps not see the bigger picture. It's out there running a lot of stuff you interact with on a daily basis, as mentioned previously.
 
Comment

mgol

macrumors newbie
May 22, 2012
2
0
Updating now. I use JDeveloper with Mac OS X which requires a symbolic link from classes.jar to the nonexistent on Mac rt.jar. The OpenJDK Mac OS X initiative is using the traditional jar names, so I hope this persists when Apple goes 7. (which it should since they are using OpenJDK)
Apple won't "go 7". It's Oracle who will go 7 on OS X. Apple has nothing to do with Java 7 themselves, their support ends with version 6.
 
Comment

dokujaryu

macrumors 6502
May 3, 2011
359
12
Irvine, California
Apple won't "go 7". It's Oracle who will go 7 on OS X. Apple has nothing to do with Java 7 themselves, their support ends with version 6.
Well, we'll see. I wouldn't be surprised if Software Update and Mac OS X's JVM selector is still in play, even after the OpenJDK becomes the source. Honestly I hope this is the case because the alternative is multiple update mechanisms like on Windows, which blows.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.