About nine months ago, a security flaw was found in the Java Virtual Machine. The flaw allowed a malicious Java applet to execute arbitrary (read “unauthorized”) programs on your computer. It affected all implementations of Java, including those on Windows, Linux, and of course Mac OS X. Because the implementations of Java for the “non-Macintosh” platforms come from Sun Microsystems, they were all fixed relatively quickly. The Mac version was finally fixed this week by Apple.
In the earliest days of Mac OS X, Apple bragged openly about how OS X would be a premier platform for Java. Just to show their commitment to Java, Apple penned an agreement with Sun Microsystems that prevents Sun from creating a Mac version of Java. Under the agreement, only Apple can release Java for OS X.
Apple having control of Java development for Mac OS X could actually be a good thing in some ways. For example, since Java is treated as an operating system component in OS X, Apple could be tweaking and tuning it so that it performs optimally on Apple's hardware and operating system. And, if Apple were keeping close tabs on Java security and patching its version quickly, Mac users would have the best of both worlds… a secure Java implementation that performs well on their OS and hardware. Unfortunately, this hasn’t been the reality – at least not for a while. As MacWorld’s Dan Moren reported back in May, “Apple should be more aggressive on security, rather than resting on the laurels of its safety record. That way, if an attack does come, the company won’t be caught with its virtual pants down.”