Apple Releases Java Update for Lion & Snow Leopard

Apple released Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 on Tuesday. Both releases bring Java SE 6 to version 1.6.0_29 and fix several security flaws that existed in the previous version of Java.


The patch notes for the release say next to nothing about the contents of the update, but the security update notes (which haven’t yet been posted to Apple’s support site) include the following:

Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29.

Those security flaws include:

  • CVE-2011-3389
  • CVE-2011-3521
  • CVE-2011-3544
  • CVE-2011-3545
  • CVE-2011-3546
  • CVE-2011-3547
  • CVE-2011-3548
  • CVE-2011-3549
  • CVE-2011-3551
  • CVE-2011-3552
  • CVE-2011-3553
  • CVE-2011-3554
  • CVE-2011-3556
  • CVE-2011-3557
  • CVE-2011-3558
  • CVE-2011-3560
  • CVE-2011-3561

The update you need should show up in Software Update. The update for Lion is a 65.7MB download. Apple has not yet listed the downloads on its Support Downloads site, but they should appear there before the day is out.

A restart is not required (at least for the Lion version).