Apple Patches Java Flaws, At Last

Apple on Monday shipped updates to plug more than two dozen security holes in its version of Java, including a particularly dangerous flaw that Java maker Sun patched back in early December.

Last month, Security Fix and others took Apple to task for taking too long to fix Java vulnerabilities. In fact, I found that Apple patches Java flaws on average about six months after Sun had shipped its own updates to fix the same vulnerabilities. At least two different researchers even released proof-of-concept exploits to shame Apple into quickly fixing an easy-to-exploit vulnerability that potential attackers had known about for six months.

This Java update appears to address most of the outstanding Java vulnerabilities. From looking at the common vulnerabilities and exposures (CVE) numbers attached to each of the flaws fixed by Apple's Java rollup, it looks like this update brings Mac OS X systems to the equivalent of Java 6 Update 13 (Sun recently released Update 14, but there don't appear to be any security related fixes in that bundle).

Mac users can grab the latest Java version via Software Update or directly from Apple's Software Downloads Web site.