Oracle provides Java fixes directly to Mac users
The recent Flashback Trojan exposed a problem that OS X has with Java—specifically, that the development of Java on the Mac hasn’t kept pace with the Java for Windows or Linux. Flashback uses an unpatched Java vulnerability to install itself on a Mac, a hole that Oracle, the developers of Java, had patched in Java for other platforms. Apple eventually fixed the Java vulnerability with a Software Update release, though you can't help but think that Flashback could have been avoided entirely with an up-to-date Java.
Hopefully, exploited Java vulnerabilities will be a thing of the past. As reported by Ars Technica, Oracle is now giving Mac users the ability to get Java updates at the same time as they are available for Windows and Linux with the release of the Java SE 7 Update 4. According to a blog post by Oracle’s Henrik Stahl, “From this point on, every release of Oracle JDK 7 and JavaFX 2.1 (and later) will be available on Mac at the same time as for Linux, Windows and Solaris.”
Stahl’s blog post mentions, however, that “the Java Plugin and Web Start are not yet available,” so not all the holes are fixed. According to Stahl’s post, we won’t see updates to the Java Plugin and Web Start until, “the next major milestone,” JDK 7 Update 6.
You can download the Java SE 7 Update 4 JDK yourself and install it—the update requires Mac OS X Lion. Once installed, Java updates are automatic.
[Hat tip: Ars Technica]