Java for Mac from Oracle fixes flaws

Mac malware reports are becoming increasingly common and although the numbers of Macs infected with viruses, Trojans and other nasties is quite small compared to Windows, in percentage terms it is actually quite large. There aren't as many Macs around as Windows PCs, so when you hear reports of 700,000 Macs infected by the Flashback Trojan (says Kaspersky), it is much more serious than you might think. There is actually more chance of being infected than if you had a Windows PC. Now there's an interesting thought!

There is another type of Mac malware out there in the wild and it has the snappy name of Backdoor.OSX.SabPub.a. According to Kaspersky, it is a backdoor program that connects to a server on the internet to get instructions, takes screen shots of the current session and executes commands. It is another Java exploit, so make sure you have used Software Update on the Apple menu to get all the latest updates.

Part of the problem with Java on the Mac is that it's an Oracle product that Apple customises. When a security flaw is found, it may be fixed quite quickly by Oracle and released for Windows and other operating systems, but unfortunately not for Macs. Instead we have to wait for Apple to get around to including the latest fixes in its custom version of Java and including it in Apple Software Update. It can be months before Apple updates its version of Java and this is a window of opportunity for malware authors. They can exploit the unpatched flaw and infect Macs quite easily. This is what happened with Flashback and Oracle fixed it, but Apple was very tardy in passing on the fix to Mac users.

If you go to www.java.com and try to download Java it just tells you to use Software Update on your Mac. You can't download Java directly. However, this situation is changing and Oracle has announced Java SE 7 Update 4 and JavaFX 2.1 for the Mac. This is a Java and JavaFX software development kit, a Mac first from Oracle, and a sign that things are changing. Now you probably don't want the full development kit, but Oracle has announced that a consumer version of Java SE 7 and the Java Runtime Environment will be available later in the year. This will auto-update directly from Oracle as soon as security patches or new versions become available. It's good news for Mac users.