Apple posts Java fix for vulnerabilities


Apple Tuesday posed a fix for OS X 10.6 running Java SE 6.

Java for Mac OS X 10.6 Update 13 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_41.

On systems that have not already installed Java for Mac OS X 10.6 update 9 or later, this update will configure web browsers to not automatically run Java applets. Java applets may be re-enabled by clicking the region labeled "Inactive plug-in" on a web page. If no applets have been run for an extended period of time, the Java web plug-in will deactivate.

Please quit any web browsers and Java applications before installing this update.


Users running Java SE 7 obtain updates directly from Oracle and appear to be unaffected. Regardless, the update from Apple appears to check for installed malware connected to this exploit and will notify the user if any is found.

Yesterday Apple disclosed that the Java exploit affected computers within the company.

"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers," the statement said.

"We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple," it continued.


The Java for OS X 10.6 Update 13 is available via the Mac App Store update utility.

Apple statement via Reuters