Just a day after reports spread about a Java-based Trojan horse that could install itself on your Mac without requiring that you enter a password, Apple has released Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7.
The updates, which are available for Mac OS X 10.6.8 Snow Leopard and 10.7.3 Lion (including both OSes' Server editions), patch multiple vulnerabilities in Java 1.6.0_29--including some that could allow malicious code to run on your Mac outside of the Java sandbox, triggered merely by your visiting a webpage containing the right nefarious code.
For full details on the update, Apple points to Oracle. The update patches no fewer than a dozen vulnerabilities, including the one exploited most recently in the newly-discovered Flashback Trojan horse variant. The security holes in question were patched for Windows users back in February; Apple has long been criticized for lagging behind Windows in such areas.
The patches are available from Apple's website or via Software Update.
This story, "Apple releases Java security updates" was originally published by Macworld.