After Apple deprecated Java in 2010, the company committed to releasing updates to Java for Mac OS X 10.5 and 10.6. But as Steve Jobs pointed out in an e-mail, the way Oracle and Apple managed Java meant that “the Java we ship is always a version behind.”
Apple dropped Java from OS X 10.7 Lion, but, as we have seen recently, Java has been used as a vector in recent Mac malware attacks, with more than 600,000 Macs infected by the Flashback malware.
As Ars Technica reports, Oracle will be providing Java updates for Mac OS X directly in the future. No longer will Mac users need to wait for an Apple update, but they will have to find and install Java updates on their own. (Current Java updates, provided by Apple, are installed via Software Update. Oracle also provides an auto-update mechanism.)
Oracle provides 4-6 Java updates each year. Oracle has pointed out that this release does not include the Java browser plug-in, nor the Web Start application, but only the Java Runtime Environment. This means that, according to Ars Technica:
Until the Web plugin is available from Oracle, however, Mac users may still be vulnerable to attacks based on Java exploits. Users who don’t update to Oracle’s version and still rely on Apple’s deprecated version, could face a similar security vulnerability.
Mac users can download the latest version of Java here.