An update for Java SE 6 for Snow Leopard fixes multiple vulnerabilities and resolves a block Apple placed on browser plugins for the software.
Java 6 Update 12, released on Friday, clears last week's unannounced block by Apple on browser plugins for the latest versions of Java 6 and 7.
The update configures web browsers to not automatically run Java applets and fixes 30 vulnerabilities in 1.6.0_37 shared with Oracle's Java 7 Update 11. The Java 7 flaws were fixed in Java 7 Update 13.
While Mountain Lion and Lion users could apply Oracle's Java 7 Update 13 last Friday, Snow Leopard users rely on Apple for updates to Java 6. Last August, Oracle took over the maintenance of Java for OS X for Java 7 Update 6 onwards; however, Java 7 is not supported on Snow Leopard, and as of this month Oracle will stop providing updates for Java 6 altogether.
Apple's unannounced block on Java browser plugins last week caught some Mac users who run Java applications by surprise. The move by Apple marginally pre-empted an unexpectedly early critical patch update by Oracle, two weeks ahead of its scheduled 19 February release.
Oracle's director of software security assurance, Eric Maurice, said in a blog post that its February update had been accelerated in response to active exploitation of one of the 44 vulnerabilities affecting the Java Runtime Environment in desktop browsers.
Maurice said that this latest update from Oracle demonstrated the company's intention to "accelerate the release of Java fixes" because Java in browsers, being OS-independent, is an attractive target for hackers.
A recent analysis by Russian security firm Kaspersky Lab found 41 major versions of Java 6 and 7 being used, many of them containing flaws that were being exploited. Around 30 percent of users failed to update Java to the latest edition by the time a new update was released, its researchers said.