

Apple updates Java for a third time, this time with Flashback malware removal - doty
http://arstechnica.com/apple/news/2012/04/apple-updates-java-for-a-third-time-this-time-with-flashback-malware-removal.ars

======
ajross
Why is the removal tool being executed via an upgrade of the JVM? Seems like
lots of users (enterprise sites especially) would want those separated.

~~~
warpspeed
Because creating an update named "Flashback Malware Removal Update" would
admit that Macs can be infected with malware- something Apple has taken great
lengths to gloss over.

~~~
alanh
Citation needed. Apple _has_ admitted that the malware exists.
<http://support.apple.com/kb/HT5244>

Not to mention that this JVM update’s description, immediately visible if you
show updates before installing them, directly mentions the Flashback malware.
Not exactly my definition of pretending it isn’t out there.

Also suspect: implication that competitors are less likely to “gloss over”
their own products’ vulnerabilities to whatever extent Apple may be.

~~~
warpspeed
Admitting something in a support document and naming the update as such are
two very different gestures. I guarantee that less than 1% of their user base
will ever see that support doc- really most users don't even look at the names
of the updates.

I see it as the equivalent of fine print. Yes, it's technically there, but
just like you won't see "5% Juice!" in bold print on the front of Sunny D,
Apple isn't exactly trying to bring it to the user's attention. Hence, they're
combining it into the Java update.

Besides, this is in response to "why do you think Apple combined this with the
Java update," and I'm replying with an opinion. No need to jump all over my
case with "citation needed" and a downvote.

