Apple has released Safari 6.0.4 for OS X Lion and Mountain Lion, as well as Safari 5.1.9 for users of OS X 10.6 Snow Leopard, the four-year old Mac OS which is still widely used by Macintosh owners worldwide.
Apple’s Safari web browser now allows users to enable the Java plug-in on a website-by-website basis. The company gives them four settings to choose from.
When a person first visits a website that requires the Java web plug-in, the web browser now pops up a dialog containing the specific website.
Once the user chooses to block or allow the Java web plug-in on a website, he / she can manage Java settings for that website in the Security pane of Safari Preferences.
The settings include: Ask Before Using, Block Always, Allow, and Allow Always.
If you select Ask Before Using, Safari will present the option to Block or Allow the Java web plug-in and, whenever Oracle pushes out a Java update, the browser will direct you to the download source.
The option to Allow runs the Java web plug-in as long as the installed version of Java isn’t prone to malware. If an update is available for Java, Safari will again direct you to the download source.
As expected, Allow Always will allow the Java web plug-in to run without prompts from Safari.
“This setting is only recommended for trusted websites that require the Java web plug-in, such as websites that are only accessible on your company's intranet,” Apple says.
Safari 6.0.4 (for OS X 10.7 and 10.8) also addresses a security issue where “visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.”
The patch fixes an invalid cast issue in the handling of SVG files through improved type checking.
Apple credits Nils and Jon from MWR Labs working with HP TippingPoint's Zero Day Initiative for discovering and reporting the flaw.