Apple released Java updates for Lion and Snow Leopard Tuesday—notably, the updates were released the same day that Oracle patched the software, as noted by Krebs on Security. All told, Apple patched 11 security flaws in the updates out of 14 patched by Oracle.
It’s not known whether the other three security flaws exist in the Mac version of the software, but it’s a significant step forward for Apple to release a Java update the same day as Oracle. The company has been heavily criticized for waiting days, weeks, and sometimes months to roll out security patches like these, and that seemingly lackadaisical attitude was blamed for allowing exploits such as the Flashback malware to spread unnecessarily.
In the meantime, we offer the patch notes for Java for Mac OS X 10.6 Update 9, which is for Snow Leopard:
Java for Mac OS X 10.6 Update 9 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_33.
This update configures web browsers to not automatically run Java applets. Java applets may be re-enabled by clicking the region labeled “Inactive plug-in” on a web page. If no applets have been run for an extended period of time, the Java web plug-in will deactivate.
Apple is listing Java for OS X Lion 2012-004 on its downloads site, but that link currently resolves to April’s Java for OS X Lion 2012-003. Until that little snafu gets fixed, you can download 2012-004 directly from Apple’s Downloads site.
The one-line description on the Downloads list says simply:
Java for OS X 2012-004 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_33.
In both cases, the updates prevent Java applets from automatically running in your browser. Users will be able to reactivate automatic execution in the preferences, but the default option will be non-automatic execution.
Java for Mac OS X 10.6 Update 9 is a 76.34MB update from Apple’s Support site.
Java for OS X Lion 2012-004 is a 64.07MB download.