For years, Apple faced the same criticism for taking months to release to its customers Java updates already available through Oracle. In June, Apple appeared to change, releasing a Java patch the same day as Oracle for the first time. Apple doesn't comment on product security.
"Overall, Apple has been very fast in coming out with new versions of Java, which is a great security improvement over the past," Wolfgang Kandek, chief technology officer for Qualys, said by email.
Apple's response to Java vulnerabilities changed in April when 650,000 Macs worldwide were infected with the Flashback malware that exploited a Java flaw. Apple did not release a fix for six weeks after Oracle, giving cybercriminals plenty of time to build exploits and launch attacks.
Sign up for CIO Asia eNewsletters.