
Recent Apple Java Update Doesn't Fix Critical Java Flaw Claims Researcher

Posted by samzenpus
from the try-again dept.
hypnosec writes "Just yesterday Apple released updates to fix Java vulnerabilities, but it seems the patch doesn't actually target the recently discovered high-profile Java bug that has been the talk of the web during the last two weeks. The two updates – Java for OS X 2012-005 for OS X Lion and Java for Mac OS X 10.6 Update 10 for Mountain Lion, are meant to tackle the vulnerability described in CVE-2012-0547. But according to KrebsOnSecurity, it seems Cupertino hasn't addressed the recent mega-vulnerabilities in Java as described in CVE-2012-4681."

Update: 09/07 12:00 GMT by S: As readers have pointed out, these updates address flaws in Java 6, which is the version Apple maintains. The recently-reported Java vulnerabilities primarily affect Java 7, the patching of which is handled solely by Oracle. Nothing to see here.

  • Re:Huh? (Score:5, Interesting)

    by Lunix Nutcase (1092239) on Thursday September 06, 2012 @07:10PM (#41255309)

    How is it hyperbole? Look at Secunia. There are more than 1000 vulnerabilities between the combined versions of the JVM. They average around 200 per version which is actually worse than Flash player.

  • Re:Huh? (Score:4, Interesting)

    by fm6 (162816) on Thursday September 06, 2012 @07:58PM (#41255733) Homepage Journal

    I stand corrected. About 18 months ago, I was writing the installation docs for a Java application that had to run on Mac, and I went to rather a lot of trouble to find out how to configure Java on the Mac. (The main reason I got the job: they'd had bad experiences with users on various platforms who didn't understand Java runtime idiosyncrasies.) I was actually quite impressed by the way OS X support for Java worked — very elegant and carefully thought out.

    Now I suppose my work will have to be thrown out and replaced by the cruder procedures Oracle uses. Oh well.

  • Re:Java blows (Score:3, Interesting)

    by SplashMyBandit (1543257) on Thursday September 06, 2012 @09:01PM (#41256119)

    What would you like to know, specifically? Note that the 2D UI is a minor part of the application, and a "Filthy Rich Client" (Google if you don't understand this term) Swing startup is perfectly fine to start the JoGL/OpenGL main UI.

    > Because it sounds a bit ... exaggerated.
    This is why I am taking to point out that Java is more than adequate for 3D gaming (since all the important stuff runs on the GPU anyway). I find it lamentable that Slashdotters are so anti-Java (and have out of date perspectives) they simply cannot comprehend that modern JVMs are not only as good as C++ for gaming, they are superior in my experience as an indie game developer (for a hard-core simulation; eg. multi-threaded resource sharing in Java is so much easier than in C++ when you are targeting multiple platforms). I understand that existing game devs with existing C++ pipelines and assets aren't interested in Java, but new games development should seriously consider it - especially if you want to be as massively profitable as Java games like Minecraft are.

  • Re:Java blows (Score:3, Interesting)

    by SplashMyBandit (1543257) on Thursday September 06, 2012 @09:09PM (#41256157)

    Sorry, QT is vile and unnatural, IMHO. Effective sure, but unnatural for those used to proper Object Oriented UI toolkits (eg. back in the day Borland's OWL, Swing etc).

    The C++ code itself is nothing. What matters is that for each platform you target you need different libraries, and each library has its own idiom. Then you end up contorting your architecture for each set of libraries you are trying to integrate. This is not impossible (I've written lots of portable, complex C++ in the last two decades) but I can tell you it is *vastly* easier, more consistent, and I would argue more performant (since the time I save not fixing dumb C++ loopholes I instead spent optimizing my Java) to use Java.

    Flightgear is an admirable bit of software. I looked at extending it but realized after two decades of C++ and a decade of Java I knew which language to base a new *reliable* multi-player, multi-core product on.

    So I understand your advocacy for C++. You can certainly accomplish useful stuff in it (and I have). However, I would never start a new forward-looking project in it. Java becomes the better choice for new heavily multi-threaded stuff, IMHO. (and yes, that includes rich clients, which can be made to look amazing using the "Filthy Rich Client" Swing techniques and OpenGL/JoGL).
