Apple posts Java fix for vulnerabilities
February 20th 2013
Apple Tuesday posed a fix for OS X 10.6 running Java SE 6.
On systems that have not already installed Java for Mac OS X 10.6 update 9 or later, this update will configure web browsers to not automatically run Java applets. Java applets may be re-enabled by clicking the region labeled "Inactive plug-in" on a web page. If no applets have been run for an extended period of time, the Java web plug-in will deactivate.
Please quit any web browsers and Java applications before installing this update.
Users running Java SE 7 obtain updates directly from Oracle and appear to be unaffected. Regardless, the update from Apple appears to check for installed malware connected to this exploit and will notify the user if any is found.
Yesterday Apple disclosed that the Java exploit affected computers within the company.
"We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple," it continued.
The Java for OS X 10.6 Update 13 is available via the Mac App Store update utility.
Apple statement via Reuters