Oracle to maintain Mac Java
By Stephen WITHERS
It looks like the delays between the release of new versions of Java and their availability for Mac OS X will soon be a thing of the past.
Oracle has now released Java Development Kit (JDK) 7 and the JavaFX 2.1 Software Development Kit (SDK) for Mac OS X.
"Mac OS X is major new platform for us; the first new platform added in a very long time. It should be considered a '1.0' release and there are a number of known issues," said Henrik Stahl, senior director of product management at Oracle's Java platform group.
JDK 7 includes the Java Runtime Environment and hence the Java Virtual Machine, which are the parts of interest to Mac users who just need to run Java applications and applets.
The main user release won't happen until JDKu6, which is expected after the release of OS X 10.8 Mountain Lion. Apple has never (to the best of my knowledge) articulated a formal policy about supporting older versions of the operating system, but in practice it has only released updates for the current and immediately previous version. Oracle is taking a similar approach with Java for Mac, so Lion will be the earliest supported version.
The good news is that according to Stahl, "From this point on, every release of Oracle JDK 7 and JavaFX 2.1 (and later) will be available on Mac at the same time as for Linux, Windows and Solaris."
This doesn't mean there will be no exploitable Java vulnerabilities in future, but it does mean that we shouldn't see a repeat of Flashback.K which exploited a vulnerability that became public knowledge when it was fixed in an update for Oracle's Java. That hole was left open for several weeks, although Apple's Java update appeared just a few days after Flashback.K.
Flashback.K was particularly effective because it used a true drive-by exploit. Once a web browser opened an 'infected' page, the malware was installed regardless of the user's subsequent actions unless security software that recognised the malware was running.
Well over 600,000 Macs were thought to be infected, with a search ad hijacker installed by Flashback.K estimated to have garnered as much as $10,000 per day for its perpetrators.
|Subscribe to Hydrapinion|