Linked by Thom Holwerda on Tue 19th May 2009 22:20 UTC
Mac OS X Six months ago, a certain security flaw in Java was fixed by Sun. This flaw was present in OpenJDK, GIJ, icedtea and Sun's JRE, but it got fixed in those. There's one important shipping Java implementation that still has not been fixed to remove this security flaw: Apple's Java.
Thread beginning with comment 364438
To read all comments associated with this story, please click here.
Wow. A rare gem.
by slashdev on Tue 19th May 2009 22:33 UTC
slashdev
Member since:
2006-05-14

Its very rare to find a java exploit that can do any real damage. This one is fairly amazing.

Does anyone know why apple cant just release a small patch? Java, on the OS X platform, has one of the rare privileges of being part of the OS auto-update facilities, so it cant be THAT hard...

Reply Score: 3

RE: Wow. A rare gem.
by darknexus on Tue 19th May 2009 23:49 in reply to "Wow. A rare gem."
darknexus Member since:
2008-07-15

Given the way Apple seems to be shunning Java lately I'm surprised it's still in the software update feature. The jvm that ships with os x is still a 1.5 rather than a 1.6 for example, and Apple has all but deprecated the Cocoa-Java bridge, at least that was their stance a few months ago. Java has been reduced to a second-class citizen on Mac, and Apple seems to like it that way. Given this, I'm disappointed--though not surprised--that their jvm is still unpatched.

Reply Parent Score: 2

RE[2]: Wow. A rare gem.
by tyrione on Wed 20th May 2009 00:56 in reply to "RE: Wow. A rare gem."
tyrione Member since:
2005-11-21

Given the way Apple seems to be shunning Java lately I'm surprised it's still in the software update feature. The jvm that ships with os x is still a 1.5 rather than a 1.6 for example, and Apple has all but deprecated the Cocoa-Java bridge, at least that was their stance a few months ago. Java has been reduced to a second-class citizen on Mac, and Apple seems to like it that way. Given this, I'm disappointed--though not surprised--that their jvm is still unpatched.


Unless Apple restores WebObjects to it's roots with ObjC and Cocoa then a new release of WOF with a new JVM to cover this will occur.

I'm betting it'll arrive at WWDC or the day Snow Leopard arrives.

Reply Parent Score: 3

v RE: Wow. A rare gem.
by Macrat on Wed 20th May 2009 01:39 in reply to "Wow. A rare gem."
RE[2]: Wow. A rare gem.
by elsewhere on Wed 20th May 2009 04:43 in reply to "RE: Wow. A rare gem."
elsewhere Member since:
2005-07-13

Most likely Sun is demanding that Apple buy a support contract in order to get the code fix.

Java isn't "free" after all.


Nice try. You missed the part about OpenJDK, GIJ and icedtea already being patched. All of which are "free".

Apple rolls their own Java, as many others do. Apple is being lazy. Quit making excuses.

Reply Parent Score: 6