The recent Flashback Trojan revealed that Java development for OS X hasn’t kept up with Java for other platforms, specifically Windows and Linux. The malware installs itself on a Mac by using an unpatched Java hole, a vulnerability that Oracle had already fixed in Java for other operating systems. Although Apple eventually released a Software Update to patch the Java hole exploited by the Flashback Trojan, multiple infections could have been avoided completely with a timely Java update schedule.
Hopefully, the virus won’t take advantage of Java vulnerabilities in the future. According to Ars Technica, Oracle is now offering Java updates, including every release of Oracle JDK 7 and JavaFX 2.1 or higher, to Mac users at the same time as they roll out for Windows, Linux and Solaris, starting with Java SE 7 Update 4. The information initially appeared in a blog post by Henrik Stahl, Oracle’s senior director.
The update brings a number of enhancements, including JDK support for Mac, a new JVM, and G1, a newly supported garbage collector. JAXP has been bumped to version 1.4.6, and SE 7 Update 4 also incorporates Java DB 10.8.2.2. On the security side, the release adds SPARC T4-specific crypto optimizations, while Commercial Features are unlocked with a new flag.
However, Stahl notes that the company doesn’t yet offer Java Plugin and Web Start, meaning that not all holes are patched. Mac users won’t be able to get Java Plugin and Web Start updates until JDK 7 Update 6, which will be Oracle’s next major milestone.
Java SE 7 Update 4 JDK is available on the company’s official website as a free download. To take advantage of the update, Mac users must run OS X Lion. Once the program is installed, Java updates automatically.