Apple unbundles Flash Player from Mac OS X; Java next

Word is out that Apple will ship all new Mac OS X machines without Adobe Flash Player pre-installed.

Daring Fireball's John Gruber brings us news that Apple will ship all new Mac OS X machines without Adobe Flash Player pre-installed.

Apple has already started shipping the new MacBook Air models without the Flash Player installed and Gruber reports the company plans to nuke the software from all new machines.This follows an announcement that the Apple-produced Java runtime will not be maintained may also be removed from future versions of Mac OS X.

The decision to remove Flash Player and Java from the Mac operating system is most likely driven by security considerations. Apple has had problems in the past with keeping up to date with both Flash Player and Java security patches.

I asked Mac security guru Dino Dai Zovi for his response to the news that Oracle Sun's Java software may be removed from future versions.  Here's his response:

follow Ryan Naraine on twitter

In the early days of Mac OS X, Java was treated as an equal alternative to Objective-C for application development with a Cocoa-Java bridge.  This was deprecated in 10.4, however. Since then, Java has largely been supported primarily for web-based Java applets.

These days, Java applets are primarily used to install malware on Windows machines, but they may also be used for interactive features in web applications that HTML alone cannot provide.  Apple has historically had a several month lag-time in releasing security updates for the Apple-maintained port of Java, which puts Mac users at risk from exploits of these publicly known vulnerabilities over this time.  Apple has clearly decided that it is no longer worth their effort to maintain this port themselves and would rather let Oracle assume that responsibility.

I think Apple users would be safer with Java being an optional third-party install as it is rarely needed on the modern web and this would not subject Mac users to the window of vulnerability before Apple is able to release their Java security updates.

Makes total sense.

Show Comments