Along with the anti-Java plug-in maneuver, Apple also shipped two Java updates, dubbed Java for Mac OS X 10.6 Update 11 and Java for OS X 2012-006, that patched 20 critical vulnerabilities on OS X Snow Leopard, and OS X Lion and Mountain Lion, respectively.
Oracle patched the same 20 bugs -- and 10 more for good measure -- on Wednesday for Windows. The firm updated Java 5, 6 and 7 for Windows, and Java 7 for OS X.
Adam Gowdiak, founder and CEO of Polish security firm Security Explorations, reported most of the bugs that Oracle patched yesterday.
Gowdiak has found other Java vulnerabilities in the past. Earlier this year he reported more than a dozen. Months later, hackers independently uncovered one of the bugs, then began using it in widespread attacks during August.
But neither Oracle or Apple addressed the critical zero-day vulnerability that Gowdiak submitted to Oracle late last month. The flaw impacted OS X as well as Windows versions of the software.
According to Gowdiak, Oracle told him it had received the bug report as it was wrapping up testing of the Oct. 16 update, and was unable to work up a fix in time. "Oracle confirm[ed] that it is on track to deliver fixes for [this bug] in the next Java SE Critical Patch Update which ships in February 2013," Gowdiak wrote on his firm's bug status website.
In the hope that he could prod Oracle to act quickly last month, Gowdiak had gone public -- albeit minus technical details -- rather than privately reporting it to Oracle and waiting for the company to quietly patch Java. But the strategy came up bust. "[We also asked] for the reason of sticking to Oracle's semi-quarterly patch release schedule, which means [an] additional four months to wait for a patch for a critical security issue in Java," Gowdiak noted. Oracle patches Java approximately every four months. As Gowdiak alluded, the next regularly-scheduled update is slated to ship Feb. 19, 2013.
The last time Apple updated Java was in early September, when it fixed flaws Oracle had addressed weeks earlier with an emergency update that aimed to squash aggressive and widespread attacks exploiting a vulnerability.
Users running Java 6 and earlier can grab the update for their version of OS X by triggering Software Update from the Apple menu. Java 7 can be updated by downloading the new version, Java SE Runtime Environment 7u9, from Oracle's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, send e-mail to firstname.lastname@example.org or subscribe to Gregg's RSS feed .
Read more about mac os x in Computerworld's Mac OS X Topic Center.