Apple has released a new Java security update, fixing a dozen vulnerabilities. This 67 MB update is available for Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion 10.7.4 and OS X Lion Server 10.7.4, and updates the version of Java to 1.6.0_33. Apple describes these bugs as follows:
Multiple vulnerabilities exist in Java, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
Apple also notes that “These updates include the security content from Java for
OS X 2012-003 and Java for Mac OS X 10.6 Update 8.”
More information about the vulnerabilities fixed in this update is available from the Oracle website.
Users can download this update via Software Update, or from Apple’s Downloads page.