News that Oracle will now provide Mac users with Java updates at the same time as they are available for Windows and Linux, has been celebrated, not least because it comes in the wake of the
Flashback Trojan, which gained access to a Mac via an unpatched Java vulnerability that had been patched in Java for other platforms, but also because it marks a coup for Apple CEO Tim Cook who as done what his predecessor, the late Steve Jobs, didn’t manage to do. He has managed to persuade Oracle to supply updates for Java directly to Mac users.
Back in October 2010 Apple removed Java from Mac OS X. Issuing a software update for Mac OS 10.5 and 10.6, Apple published a note saying: “As of the release of Java for Mac OS X 10.6 Update 3, the version of Java that is ported by Apple, and that ships with Mac OS X, is deprecated.”
At the time Jobs spoke out about his motivation for writing off Java on the Mac. He said: “Sun (now Oracle) supplies Java for all other platforms. They have their own release schedules, which are almost always different than ours, so the Java we ship is always a version behind. This may not be the best way to do it.” Oracle bought Sun in early 2010.
In other words, Jobs wanted Oracle (run by his buddy Larry Ellison) to issue Java updates for the Mac. The company already issued software updates for Windows and Linux, why not Mac. And why should Apple waste manpower on maintaining it’s own version of Java.
“This means that the Apple-produced runtime will not be maintained at the same level, and may be removed from future versions of Mac OS X. The Java runtime shipping in Mac OS X 10.6 Snow Leopard, and Mac OS X 10.5 Leopard, will continue to be supported and maintained through the standard support cycles of those products.”
Developers wanting to sell apps via the Mac App Store had to abandon Java components in their software as Apple wouldn’t approve such apps for the store. Like Flash, Java has never been supported on iOS. (Incidentally, Google and Oracle are currently in court over Google’s use of Java in Android.)
Announcing Oracle’s decision to maintain a version of Java for the Mac OS, senior director of product management in the Java Platform Group at Oracle Henrik Stahl said: “From this point on, every release of Oracle JDK 7 and JavaFX 2.1 (and later) will be available on Mac at the same time as for Linux, Windows and Solaris.”
Flashback uses an unpatched Java vulnerability to install itself on a Mac, a hole that Oracle, the developers of Java, had patched in Java for other platforms.
Apple eventually fixed the Java vulnerability with a Software Update release, though it seems likely that Flashback could have been avoided entirely with an up-to-date Java.