Apple Joins Oracle, IBM on OpenJDK. By. Apple announced on Friday plans to work with Oracle on the project to provide a Java SE 7 implementation on Mac OS X. According to a joint announcement from the two companies, Apple will contribute 'most of the key components, tools, and technology required' for that implementation, including a 32-bit and 64-bit HotSpot-based Java virtual machine, class libraries, a networking stack, and the foundation for a new graphical client. 'OpenJDK will make Apple’s Java technology available to open source developers so they can access and contribute to the effort,' the companies said. OpenJDK is the free, open source implementation of the Java Standard Edition (Java SE) specification, licensed under the GNU General Public License (GPL) with a linking exception.
(The GPL linking exception exempts components of the Java class library from the GPL licensing terms.).
Security experts are split over whether Apple's decision to is a good deal for Mac users. On Friday, Apple announced it would join Oracle's and contribute 'most of the key components, tools, and technology required for a Java SE 7 implementation on Mac OS X.'
Discover the key Mac, iOS, and Apple tech trends for business users. Read InfoWorld's. Stay up to date with. Get. The move followed Apple's earlier decision to 'deprecate' Java - in other words, to stop bundling the software with Mac OS X - in future versions of the operating system.
On Friday Apple committed to continue shipping Java SE 6 with Mac OS X 10.6, aka Snow Leopard, and in the next edition, Mac OS X 10.7, known as Lion. The latter is set to launch in the third quarter of 2011. Apple will also patch Java SE 6 in those operating systems. But Java SE 7, and all later versions of the software for Mac OS X, will come from Oracle, not Apple. One security researcher thinks that would make Mac users less secure in the long run. 'Instead of having to worry about one thing being updated - the operating system - users will now have to worry about three things being kept up to date: the OS, Java and Flash,' said Charlie Miller, an analyst with Baltimore-based Independent Security Evaluators (ISE) and co-author of. 'This is what people on Windows have done, and I think history shows that people aren't very good at keeping these up to date,' said Miller in an email reply to questions about Apple deprecating Java.
'Until now, out of the box, the browser could handle just about anything since Java and Flash were installed. Just updating the OS kept these up to date. In the future, the browser won't handle many popular sites and if you download the plug-in, you have to worry about it getting out to date.'
Apple has also decided to, which like Java has been pre-installed on Macs. Apple has provided patches for Flash Player as part of its normal security updates, but may discontinue that practice as well. Dino Dai Zovi disagreed with his The Mac Hacker's Handbook co-author. 'If Apple can't release patches at the same time that Oracle does, they should let Oracle do it,' said Dai Zovi, a New York-based security consultant.
Has been repeatedly knocked for Java and Flash vulnerabilities that and Adobe had fixed long before. Dai Zovi pointed out that of the three most-exploited Java vulnerabilities in Windows, two could be used by attackers against Mac OS X with little modification. 'In both cases, Apple released a patch for their Java in three to four weeks,' he said. 'This is after the vulnerability is public and penetration testing frameworks may release working exploits for them.' Last month, 's malware center said it has tracked an of exploits targeting Java bugs in the first nine months of the year.
According to a manager at Microsoft's Malware Protection Center (MMPC), attempts to exploit Java bugs have skyrocketed in the past nine months, climbing from less than half a million in the first quarter of 2010 to more than 6 million in the third quarter. A few days later, Wolfgang Kandek, the CTO of Qualys, said his company's data showed that 40% of the people running Java were using an. Kandek called on Oracle to work with Microsoft to distribute Java patches using the latter's Windows Update service. Mac users should just say good riddance to Java, Dai Zovi added. 'Most Mac users do not need or even use Java, and this will make them safer than having large window of vulnerability in a plug-in that is being actively attacked through exploits that can easily be adapted to target Mac OS X,' Dai Zovi said. In an email late last month, Dai Zovi called the Apple and Oracle deal weeks before Friday's announcement.
'I expect Oracle to completely neglect the Mac OS X port of Java and perhaps rely on the community-supported OpenJDK to serve these users for them,' Dai Zovi said on Oct. 27 in response to Computerworld's questions about Java. 'I hope that Oracle would manage a Mac OS X port as a first-class citizen, but I'm not holding my breath.' Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at or subscribe to.
His email address is. In Computerworld's Security Topic Center. This story, 'Does Apple's Java move mean a less secure Mac?'
Was originally published.