MacUser
News, info, and opinion by Mac users, for Mac users.

Mac users vulnerable with lack of Java update

Posted by Aaron Freedman | Thursday, August 23, 2007 1:14 PM PT

We Mac users enjoy a lot of perks over our PC counterparts, such as better functionality, nicer software, and a lot fewer viruses and vulnerabilities. But thanks to a major bug in the Java runtime, that gap may be shrinking.

Yes, the apocalypse is imminent. Lock your doors, close your windows, and hide in your cellars, because your Mac is about to be hit by a (insert dramatic suspense music) remote code execution attack. Well, maybe it’s not that scary, but a remote code execution vulnerability would allow hackers to crash Java and do all kinds of nasty things on your Mac. But how did this huge, gaping hole in the OS X Java software come about? The way so many do: by neglect.

It all started ten months ago, when someone on Google’s security team found two “code execution vulnerabilities” in the Java ICC profile parsing code. Then, in May 2007, Sun released an update for the Java runtime fixing that problem. That was great — but only if you were a Windows, Solaris, or Linux user. So, three months later, the bug still hasn’t been patched in OS X. Does that mean we’re totally vulnerable? Not exactly. Developer Landon Fuller has released a third-party patch for the Java runtime (which requires Unsanity’s Application Enhancer), with full source code. Of course, you could just disable Java altogether, though that would cut you out of a great deal of interactive web content.

So, while there are ways to get around the bug, it is a real shame that it is still out there solely because of Sun’s neglect of the Mac community.

[via ZDNet]

Comments (3)

It's not Sun's fault that Mac Java hasn't been updated. Apple took over development of Java on Mac themselves years ago because Apple wanted control over the look and feel of Java apps on the Mac. Apple is the party guilty of neglect here. Not only has Apple failed to provide the patch for this vulnerability, they also haven't provided Java 6 for the Mac which was released last December on the platforms for which Sun is responsible (Solaris, Linux, and Windows). I love my Mac, but Apple needs to step up to the plate on maintenance of their Java implementation.

Roger
August 24, 2007
6:37 AM PT

It's not Sun's fault and no one is blaming them. It's actually Apple.

Apple is at a pivotal time when they could address any potential threats and mock its Windows counterpart.

It would be a reassuring thing to see them patch Java quickly and avoid the whole late 90's Windows/Java debacle.

August 24, 2007
9:38 AM PT

Clearly Apple needs to get this fixed.

However, Apple is forced to do the development of Java for Mac because Sun won't do it, not because they want more control. Sun turned their back on this platform a long time ago.

It would be better for everyone if Sun would step up to the plate and support the Mac directly.

Fletcher
August 24, 2007
1:19 PM PT
