Apple released an update for Java for OS X 10.5 Update 4 OS X 10.4 Release 9 to fix a vulnerability in Java for OS X which could allow a remote user to take control over your system through malicious Java code. According to Apple Insider, this vulnerability could leave users open to ‘drive by’ downloads. No cases had been reported of users been actually harmed by this security flaw though.Although Apple was aware of this vulnerability since January, the update as released yesterday. Also fixed were some vulnerabilities in Aqua Look and Feel for Java implementation for Java 1.5 which effected OS X 10.5.7 and later. The updates can be downloaded from here.
This is not the first time that major security issues have been found in Java. Even though Apple continues updating the runtime, it is high time that developers stop relying on it. No Java based app can compete with native Mac APIs, when it comes to native design, performance and security. If developers do not think that these things are important to the users of their apps, you should instead support developers who do. It’s issues like these that make use glad that Apple did not include Java or Flash as runtimes in iOS for iPhone.
We do not expect Java to die anytime soon as it is used extensively across the industry, at an enterprise level. But we do not believe that the average user should be paying for apps that are developed for Java. Let the developers put in more effort in their apps by using native APIs, whether the app is for Windows or Mac, so that users do not have to install insecure runtimes that can potentially compromise their data. Easy cross-platform development is simply not a good enough excuse anymore to get hard earned money from consumers.