RED-FACED APPLE has admitted that its Leopard operating system has an ancient version of Java that's an open door to hackers.
The Java flaw is important and the patch can be downloaded from Apple. Basically it allows a hacker to take control of the user's machine if they visit a dodgy webpage. Normally Apple waits six months before releasing Java security patches, so it must have thought this one was bad.
What is less amusing is that Apple has shafted those people who are still using Tiger by not providing a patch for the older operating system. Perhaps the idea is that it will force people to pay their Apple tax to upgrade. Of course in the case of Snow Leopard it also means that it will break all those Tiger machines which use non-Intel chips, so it is a win-win for Jobs' Mob.
The patch updates Leopard to Java versions 1.6.0_15, 1.5.0_20, and 1.4.2_22, which Java creator Sun Microsystems released on 5th August.
Apple, which has been flogging its own products on the basis that they are more secure than Microsoft, is fast becoming the laughing stock of the security industry.
The Cappuccino-based outfit seems to have rushed to gets its Snow Leper out the door in a desperate bid to put a spoiler on Windows 7's launch. Not only do some important applications fail to work because third party developers were not ready, but it seems that Snow Leopard shipped with known security holes.
It turns out that Apple shipped Snow Leopard with an old version of Adobe's Flash Player that leaves users vulnerable to software exploits embedded in dodgy Flash videos.
Sophos' media friendly insecurity analyst Graham Cluley said in his blog that Mac users who applied security patches did not deserve to have their security downgraded because they upgraded to Snow Leopard. µ
'Some of us like the misery'
That'll surely affect its credit score