I make some assumptions I probably shouldn’t in this blog. In this case my flawed assumption was that readers would already have done the research, or would use the embedded links below to research the fixes and specifics of this malware. Feedback from readers indicates they’d rather have had more from me on the specifics of Flashback malware and more context. All I intended to point out below was that Apple wasn’t applying good practice in how they posted and documented updates. For those wanting more info on the issue, this is a great piece from Rich Mogull at Macworld.
There’s a lot of noise about Apple whenever they slip up. A bug in a piece of software, an adapter cable that can take only so much abuse. There’s often room for some debate about what’s a reasonable expectation of quality or even what’s really a problem.
There is an update to Java for MacOS that addresses a pretty serious Java security problem being exploited in the wild. (Info here, and here and here.) I’m not getting into how long it took to patch, pointing out that it’s good practice to leave Java off unless you need it on (ditto Flash), or that this is another good argument for running Little Snitch and ClamXav or similar tools. This is a much simpler issue.
This is a simpler, more easily fixed concern: Apple needs to clean up its documentation and naming, and it needs to be consistent.
This is the Apple Support Document for the Snow Leopard compatible version of the Java update: http://support.apple.com/kb/DL1516
This is the Apple Support Document for the Lion compatible version of the Java update: http://support.apple.com/kb/DL1515
The names of the updates in the two articles differ. “Update 7” for the Snow Leopard update vs “2012-001” for the Lion update.
The files the updates link to for download are not only different but opaquely named: “JavaForOSX.dmg” for the Lion update and “JavaForMacOSX10.6.dmg” for the Snow Leopard update.
This is broken.
How can support people, be they professional or ‘just helping dad’, hope to recognize these updates, be confident they address the same issues, and be confident they don’t make possibly different (app-breaking) changes to the way Java behaves, when the naming and descriptions are so vague and inconsistent?
Argue if you like that it has marketing value to name every MacBook Pro model released since the death of PowerPC a “MacBook Pro”, or that “The New iPad” isn’t too-clever-by-half a name for the 3rd generation iPad, but there’s no reason for creating this confusion.
It’s so easily fixed with a set of conventions published and enforced internally at Apple for consistent naming and documentation. Enforcing such consistency and publishing that set of conventions would be enormously useful for the legions of people who save Apple millions doing support for Apple’s products.