New versions of the Java runtime have been released for Macintosh customers running OS X Lion and Snow Leopard, with the purpose of improving security, reliability, and compatibility.
Java for Mac OS X 10.6 Update 9 and Java for OS X 2012-004 deliver “improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_33,” according to the company headquartered at 1 Infinite Loop, Cupertino, CA.
For Snow Leopard users, “this update configures web browsers to not automatically run Java applets.”
Customers can re-enable Java applets by clicking the region labeled "Inactive plug-in" on a web page. The Java web plug-in will deactivate automatically if no applets have been run for an extended period of time. Cupertino doesn’t specify the exact duration.
For Lion customers, “this update configures the Java plug-in to deactivate when no applets are run for an extended period of time.”
The company explains that “if the prior update named ‘Java for OS X 2012-003’ was not installed, this update will disable the Java web plug-in immediately.”
Java for OS X 2012-004 and Java for Mac OS X 10.6 Update 9 both address several vulnerabilities in Java, as detailed in a KB article on Apple’s Support site.
“Multiple vulnerabilities exist in Java, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user,” according to the Mac makers.
The updated Java 1.6.0_33 runtime patches these holes, as well as several others. Apple directs customers to the official Java release notes over at Oracle for the full scoop.