As promised, Apple released an update for Java on Tuesday that addresses an exploit used to attack some of Apple's own Macs. Java for OS X 2013-001 1.0 updates Apple's Java implementation of Java SE 6 to version 1.6.0_41, and is being released for OS X Lion and Mountain Lion.
Earlier, Apple acknowledged that Macs used on campus had been attacked via a Java exploit, telling Reuters the attack was from the same group that recently attacked Facebook. Apple promised a Java update that addresses the issue later in the day, and here we are.
We should note that this update affects only the runtime install provided by Apple for running full Java applications. This update does not affect the browser plugin for applets supplied by Oracle. That is at version 1.7.0_13. For details on the differences between these two versions of Java, refer to our coverage by John Martellaro.
Apple's patch notes in full:
This release updates the Apple-provided system Java SE 6 to version 1.6.0_41 and is for OS X versions 10.7 or later.
This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a webpage, click on the region labeled "Missing plug-in" to go download the latest version of the Java applet plug-in from Oracle.
This update also removes the Java Preferences application, which is no longer required to configure applet settings.
The update is available the Mac App Store.