Apple has released Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6, for Lion and Snow Leopard, respectively. These updates patch 17 vulnerabilities and bring Java to version 1.6.0_29. Full release notes are available on the Oracle web site and on Apple’s web site.
Apple says the following about these updates:
Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
These updates are available via Software Update, or from Apple’s Support Downloads page. Apple does not include Java in the standard Lion installation; instead, users are prompted to download it the first time it is needed. It is not clear whether this update will show up in Software Update for users who don’t have Java already installed.