Apple has released Java for Mac OS X 10.5 Update 9 and Java for Mac OS X 10.6 Update 4. The updates effectively upgrade J2SE 5.0 to update 28 (Java 1.5.0_28) and Java SE 6 to update 24 (Java 1.6.0_24).
Multiple vulnerabilities exist in J2SE 5.0 update 26 (Java 1.5.0_26) and Java SE 6 update 22 (Java 1.6.0_22), the most serious of which may allow an untrusted Java applet to execute arbitrary code outside of the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are fixed in Java versions 1.5.0_28 and 1.6.0_24.
Oracle previously released these updates for Java in February; the Apple updates are the result of those fixes trickling down to the official OS X release.
Apple has officially deprecated its port of Java to OS X and has told developers to “not rely on the Apple-supplied Java runtime being present in future versions of Mac OS X”.
However, Apple has (together with Oracle) announced the OpenJDK project for Mac OS X and that “Apple will contribute most of the key components, tools and technology required for a Java SE 7 implementation on Mac OS X, including a 32-bit and 64-bit HotSpot-based Java virtual machine, class libraries, a networking stack and the foundation for a new graphical client.”