The recent Flashback Trojan exposed a problem that OS X has with Java -- specifically, that the development of Java on the Mac hasn't kept pace with the Java for Windows or Linux. Flashback uses an unpatched Java vulnerability to install itself on a Mac, a hole that Oracle, the developers of Java, had patched in Java for other platforms. Apple eventually fixed the Java vulnerability with a Software Update release, though you can't help but think that Flashback could have been avoided entirely with an up-to-date Java.
Hopefully, exploited Java vulnerabilities will be a thing of the past. As reported by Ars Technica, Oracle is now giving Mac users the ability to get Java updates at the same time as they are available for Windows and Linux with the release of the Java SE 7 Update 4.
[ InfoWorld's Woody Leonhard says Apple's Tim Cook wins where Steve Jobs failed: On Java. | Discover what's new in business applications with InfoWorld's Technology: Applications newsletter. | Get the latest insight on the tech news that matters from InfoWorld's Tech Watch blog. ]
According to a blog post by Oracle's Henrik Stahl, "From this point on, every release of Oracle JDK 7 and JavaFX 2.1 (and later) will be available on Mac at the same time as for Linux, Windows and Solaris."
Stahl's blog post mentions, however, that "the Java Plugin and Web Start are not yet available," so not all the holes are fixed. According to Stahl's post, we won't see updates to the Java Plugin and Web Start until, "the next major milestone," JDK 7 Update 6.
You can download the Java SE 7 Update 4 JDK yourself and install it -- the update requires Mac OS X Lion. Once installed, Java updates are automatic.
Hat tip: Ars Technica
This story, "Oracle provides Java fixes directly to Mac users" was originally published by Macworld.