Apple releases Java security updates
It’s probably safe to turn your Mac on again. Just a day after reports spread about a Java-based Trojan horse that could install itself on your Mac without requiring that you enter a password, Apple has released Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7.
The updates, which are available for Mac OS X 10.6.8 Snow Leopard and 10.7.3 Lion (including both OS’s Server editions), patch multiple vulnerabilities in Java 1.6.0_29—including some that could allow malicious code to run on your Mac outside of the Java sandbox, triggered merely by your visiting a webpage containing the right nefarious code.
For full details on the update, Apple points to Oracle.
The update patches no fewer than a dozen vulnerabilities, including the one exploited most recently in the newly-discovered Flashback Trojan horse variant.
The security holes in question were patched for Windows users back in February; Apple has long been criticized for lagging behind Windows in such areas.
The patches are available from Apple’s website or via Software Update.