Apple updates Java 6 for Snow Leopard

Apple updates Java 6 for Snow Leopard

Summary: Apple has offered a Java fix for users of one of its older OS X operating systems.

TOPICS: Security, Apple, Oracle

An update for Java SE 6 for Snow Leopard has fixed multiple vulnerabilities and resolves a block Apple placed on browser plugins for the software.

Java 6 Update 12, released on Friday, clears last week's unannounced block by Apple on browser plugins for the latest versions of Java 6 and 7.

The update configures web browsers to not automatically run Java applets and fixes 30 vulnerabilities in 1.6.0_37 shared with Oracle's Java 7 Update 11. The Java 7 flaws were fixed in Java 7 Update 13.

Read this

How to disable Java in your browser on Windows, Mac

How to disable Java in your browser on Windows, Mac

Amid a serious security flaw in the latest version of Java 7, where even the U.S. Department of Homeland Security has warned users to disable the plug-in, here's how you do it.

While Mountain Lion and Lion users could apply Oracle's Java 7 Update 13 last Friday, Snow Leopard users rely on Apple for updates to Java 6: last August, Oracle took over the maintenance of Java for OS X for Java 7 Update 6 onwards; however, Java 7 is not supported on Snow Leopard and as of this month Oracle will stop providing updates for Java 6 altogether.

Apple's unannounced block on Java browser plug-ins last week caught some Mac users that run Java applications by surprise. The move by Apple marginally pre-empted an unexpectedly early critical patch update by Oracle, two weeks ahead of its scheduled 19 February release.

Oracle's director of software security assurance Eric Maurice said in a blog post its February update had been accelerated in response to active exploitation of one of the 44 vulnerabilities affecting the Java Runtime Environment in desktop browsers.

Maurice said that this latest update from Oracle demonstrated the company's intention to "accelerate the release of Java fixes" because Java in browsers, being OS-independent, is an attractive target for hackers.

A recent analysis by Russian security firm Kaspersky Lab found 41 major versions of Java 6 and 7 being used, many of them containing flaws that were being exploited. Around 30 percent of users failed to update Java to the latest edition by the time a new update was released, its researchers said.

Topics: Security, Apple, Oracle

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Ok

    Great, the one guy who owns Snow Leopard and understands Java will be happy.
    Sean Foley
    • Java updates..

      Yepp!!! I actually do. (own and understand that is!)

    • Using 10.6.8 on thousands of computers

      Many larger entities must do extensive testing on OS updates to be sure they don't break enterprise software for one. This means they are often 1 to 2 update cycles behind so this is a very helpful Java fix.
    • Use of Snow Leopard

      Due to the lack of Rosetta and the unwillingness of replacing perfectly good software for OS updates that really do nothing for desktop Mac Pro users, a lot of people and companies are still using Snow Leopard. A safe version of Java is needed. Not all users will jump on to the next new shiny Mac OS as you suggest. An update to Lion or Mountain Lion would cost us about $1,500.00 per computer to update software that does not need updating just because Apple stripped Rosetta from Snow Leopard. Do not speak for all that use proprietary software.
  • Not for Lion 10.7?

    I use an old, unsupported internal java web service every day (the supported replacement requires IE). I have avoided Java 7 since 6 works fine on Lion and certain versions of 7 do not run the service. I am disappointed Apple didn't update Java 6 for 10.7 Lion one last time.