Eleven exploits patched, previous security content included

The Java runtime environment has been updated for both OS X Snow Leopard 10.6.8, and OS X Lion 10.7.4. While Apple historically doesn't discuss specific security updates, this package updates Java to version 1.6.0_33. All previous security fixes are included, such as the Flashback removal tool and automatic disabling of the Java plugin when it has been idle for 35 days.

The Apple release notes on the patch specify that "multiple vulnerabilities" can be found in Java. Users visiting a web page that has a maliciously-crafted untrusted Java applet, says Apple, "may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_33."

With this update, 11 CVE, or Common Vulnerability and Exposure, codes have been rectified. Details of Apple-specific fixes have not been made known. Java for versions of OS X prior to Snow Leopard are not being updated.

by MacNN Staff