Computerworld – (International) Apple hustles, patches Java bugs same day as Oracle. June 11, Apple released a Java update for OS X on the same day Oracle patched the vulnerabilities for Windows and other operating systems. Apple issued separate updates for OS X 10.7, aka Lion, and OS X 10.6, or Snow Leopard, that quashed 11 bugs in each edition. Oracle, which maintains Java for Windows, Linux, and Solaris, shipped its update to patch 14 vulnerabilities. Of the three bugs Oracle fixed but Apple did not, two applied solely to non-Apple operating systems, Solaris, and Linux. It was unclear why the third was not included in Apple’s version. The sameday patching was unprecedented: Apple, still responsible for Java security updates for Lion and Snow Leopard, typically lags behind Oracle by weeks or months. That practice turned disastrous earlier in 2012 when Apple’s Java update lagged behind Oracle’s by 7 weeks. Hackers quickly infected an estimated 600,000 Macs with the Flashback malware by exploiting a Java bug that Oracle patched but Apple did not.
Ali Loney, on June 14, 2012