Forget Apple: Oracle to bring Java security fixes directly to Mac users
Oracle released Java SE 7 Update 4 this week, which finally gives Mac owners the means to receive critical Java security patches at the same time they're available for users of Windows and Linux operating systems. The new release means that OS X should be receiving regular Java updates directly from the source—helping to prevent attacks like the recent Flashback infection—as well as a fully supported Java development environment.
Before this week, Apple built and released a version of Java for OS X on its own, and often lagged weeks or months behind Oracle in pushing out updates that patched serious security holes. However, Apple deprecated its own Java Virtual Machine (JVM) and other tools in 2010. Though the company committed to maintaining Java for Leopard and Snow Leopard, it warned that "developers should not rely on the Apple-supplied Java runtime being present in future versions of Mac OS X."
Beginning with the latest update to Java SE 7, however, Oracle has made OS X (from Lion forward) a fully supported platform for both Java deployment—including a Java Platform 1.7 compliant JVM—and Java development. Update 4 includes a full OS X version of the Java Development Kit (JDK) and JavaFX 2.1.
According to Henrik Stahl, Oracle's senior director of Product Management for the Java platform, there are some remaining issues related to packaging and debugging tools, and the Java Plugin and Web Start features "will be added in subsequent releases." Still, Oracle JDK and Java FX are "considered standard Oracle releases" and are fully supported.
"Future release of the Oracle JDK and JavaFX on Mac will follow the normal JDK release train with 4-6 releases every year," Stahl wrote on his blog. "The next major milestone is JDK 7 Update 6 where we plan to add support for Plugin and Web Start. JDK 8 will of course also support Mac OS X."
Until the Web plugin is available from Oracle, however, Mac users may still be vulnerable to attacks based on Java exploits. Users who don't update to Oracle's version and still rely on Apple's deprecated version, could face a similar security vulnerability. The good news is that Oracle offers automated update tools, so applying patches should be a no-brainer for Lion users and beyond from now on.
Java Platform JDK 7u4, JavaFX 2.1, and Netbeans are available to download now, and support OS X 10.7. The Mac port of Java will also be maintained as open source under the OpenJDK project. (Source