(LiveHacking.Com) – Almost six weeks after Oracle updated Java for the Windows platform, Apple has released the same Java fixes for Mac OS X 10.7 and 10.6. According to the security advisory the update includes a fix for a serious vulnerability which “which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.” This is of course referring to the Java concurrency vulnerability which is being used by the BlackHole exploit kit on Windows and the Flashback malware on OS X.
According to Apple, Macs can become infected with malware which exploit this bug just by visiting a web page containing a maliciously crafted untrusted Java applet. Since the vulnerability allows hackers to break out of the sandbox Apple note that this “may lead to arbitrary code execution with the privileges of the current user.”
Thankfully the update is available for OS X 10.6 Snow Leopard as well as 10.7 Lion. There were concerns that Apple would silently drop supporting 10.6 as it has done for 10.5. OS X Leopard as it was known runs on Intel Macs but Apple insist on users upgrading. Recently Apple dropped 10.6 as a viable platform for developing iOS applications when it didn’t release the iPad 3 SDK for that version. The full list of OS X versions supported with the update are: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, Lion Server v10.7.3.
Once you have updated open Terminal and type “java -version” to check the Java version number, you should see “java version 1.6.0_31” if the upgrade was successful.
This release updates Java to Java version 1.6.0 31 and Apple are recommending that users read the Java website at http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html for more information.