updated 09:30 pm EDT, Fri May 4, 2012
Getting out of its own version entirely
Apple is now preparing a pair of Java 6 runtime updates for OS X 10.6 and 10.7 that will mark the last Apple-custom versions of Java, handing over all future development and responsibility for Java on the Mac platform directly to Oracle. Apple had already stopped shipping a default version of Java with new Macs beginning with the release of Lion last summer, but had made in-house versions available to Lion users as well as continued supporting the Snow Leopard version.
Most recently, Apple was forced to quickly issue a series of updates to Java in order to curb the spread of the Flashback.K malware, which (unlike previous versions handled by OS X's built-in malware protector) used an exploit in the Mac's unpatched Java SE 6 runtime to gain admin privileges without the user being aware or involved. It was the most serious exploit to reach Mac users, though the actual threat was minimized by swift action on the part of authorities to shut down the servers controlling the Trojan.
Oracle, for its part, had already patched the exploit in its own release a number of weeks earlier, and Apple has not offered an explanation about why it was slow to update its own version, leaving many Macs vulnerable. Despite the coincidence, plans were long underway for Apple to disengage from making its own versions of the Java runtime before the Flashback incident occurred.
Starting with the consumer release of Java 7 later this summer, Oracle will make its own version directly available to Mac users, though support is expected to be limited to just Intel Macs running 10.6 or later. Going forward, Oracle will be responsible for making future updates available to Mac users. A Java 7 development kit is already available for developers.
The final Apple updates will add support for co-existing with any future Java 7 runtime, and implement the automatic disabling of the Java web plug-in after 35 days of non-usage. Consumer use of Java has dropped precipitously in recent years, though a number of game sites and enterprise sites still make heavy use of it. When a user encounters a website that relies on Java, a pop-up dialog automatically asks if the user would like to download or activate (as needed) the Java web plug-in.
The new updates, expected soon, will be known as "Java Update 9" on Snow Leopard and "Java Update 2012-004" on Lion. Users on older OS versions are advised to disable Java entirely on their machines, as their versions have not been upgraded to protect them from the existing exploits.