Apple today issued a Java update for OS X Lion and Snow Leopard to make it more difficult for hackers to exploit other vulnerabilities.
The update brought Java 6 up to par with Oracle's version 35,which it released last Thursday,Aug.30.Oracle's so-called"out-of-band,"or emergency patch,fixed three bugs in Java 7 that hackers had already begun exploiting,and made one change to Java 6.
"[The latter]represents a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited,"Oracle said in its advisory of a week ago.
Apple was required to provide the defense-in-depth update because it still maintains Java 6,which it bundled with 2009's OS X Snow Leopard and offered to users running 2011's Lion as an optional download when they encountered a Java applet on the Web.
However,Apple is not responsible for Java 7;the company handed back control of the software to Oracle in 2010.The OS X patches for the three Java 7 flaws,then,were produced by Oracle and shipped last week alongside the fixes for the Windows version of Java 7.
Today's Java patch was the first Apple update for OS X Snow Leopard since June 12.Although Snow Leopard still powers about a third of all Macs,Apple has likely halted security updates for that edition.If Apple follows past practice,it will continue to update a small group of homegrown and third-party components--iTunes,Java,QuickTime and Safari--in Snow Leopard for several months.
Java 6 version 35 can be downloaded from Apple's website for OS X Snow Leopard and Lion.Users running Java can also wait for Software Update to notify them that the Java download is available.
