Apple issues Java update to tackle zero day

Apple has begun protecting its users against the recent Java zero-day vulnerabilities by rolling out its own patches.

Apple has now released its own patches for OS X users, in order to tackle the Java zero-day vulnerabilities that were discovered at the end of last month.

The security updates are available for Mac OS X Snow Leopard, Lion and Mountain Lion systems, due to there now being "an opportunity for security-in-depth hardening". In Apple's security bulletin, the company refers to Oracle's own security alert for CVE-2012-4681, and recommends users apply either the Java for Mac OS X 10.6 Update 10 or Java for OS X 2012-005, depending on the user's operating system. These patches will update Java to version 1.6.0_35, the equivalent of the latest version of Java 6.

Java 7 is only available on Macs if users have downloaded it directly from Oracle, rather than using Apple's software updater. Users running the latest version of Java 6 on OS X are not vulnerable to the alleged sandbox bypass vulnerability that was discovered in the most recent Java 7 Update 7 patch.

Apple has stated that it will provide further information on the patch on its Apple security updates page, but at the time of writing, this had not been updated.