May 10

Apple Ships Java Security Update

Apple has pushed out an update that fixes at least 30 security vulnerabilities in its version of Java for Mac OS X systems.

The patch appears to fix a flaw in Java that Oracle shipped more than a month ago that attackers were using to install malicious software on Microsoft Windows systems.

Updates are available for Mac OS X v10.5.8 and Mac OS X v10.6.3 or later, via Apple Downloads or Software Update. The new release brings Java on the Mac to the current version, Java 6 Update 20.

Tags: , ,


  1. You’ll need Java if you want to know the official US time. The website time.gov requires it, otherwise I’ve never found much use for it.

  2. In Mexico are taking commercial where they say that these machines do not have vulnerabilities

    • Dear amacs;

      Good to see your comments here on Brian’s site. We get the same commercials here. They are misleading, but fortunately Mac malware is quite rare.(for now)

      • I think the ads say something like “without thousands of viruses and tons of headaches”that Windows machines have.

        It doesn’t say “any viruses or headaches” just not thousands and tons.

        That being said, I’ve not seen any Mac OS X viruses yet.


        • There have been attacks, both in the lab and in the wild – Inq.Tana, Oompa Loompa, Opener, the trojans put in Apple downloads hosted elsewhere than Apple – but they haven’t exactly been widespread. Apple and Unix have a long way to go if they want to compete with Microsoft in that category.

  3. My web based personal weather station won’t work without java; so it is critical to me, as I live in an agricultural area and have farm income.

    Plus I rely on it for tornado warnings; it has saved my life once. I call that critical for sure.

  4. “The new release brings Java on the Mac to the current version, Java 6 Update 20.”

    On my MacOS 10.5.8 boxes, the update installs 1.5.0_24.

    Oracle stinks, by the way.

    I wonder how long it will take them to start charging for Java updates the way they did with Solaris (no more free access to security updates).

    • Java Installer/Up-grader already aggravates me since it bundles with Google Toolbar, Bing, Yahoo! Toolbar and others, trying to get a distracted user not to bother un-checking the (always by default enabled) box.
      From here to remove completely the choice of not installing unwanted-ware is just a step, and some companies already made it. (Adobe is actively making harder and harder to install their reader without Adobe DLM (and Adobe AIR).

  5. I can’t remember when last anyone we know used Java.

  6. That is how 9/11 happened, believing it wouldn’t or couldn’t happen when it already had, certainly not as large and tragic, but why wait for the worst if you can prevent it.