Computerworld – (International) Apple patches Java 6 for OS X Snow Leopard, Lion. September 5, Apple issued a Java update for OS X Lion and Snow Leopard to make it more difficult for hackers to exploit vulnerabilities. The update brought Java 6 up to par with Oracle’s version 35, which it released August 30. Oracle’s so-called ―out-of-band, or emergency patch, fixed three bugs in Java 7 that hackers already began exploiting, and made one change to Java 6. ―[The latter] represents a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited, Oracle said in its advisory of a week ago. Apple was required to provide the defense-in-depth update because it still maintains Java 6, which it bundled with 2009’s OS X Snow Leopard and offered to users running 2011’s Lion as an optional download when they encountered a Java applet on the Web. However, Apple is not responsible for Java 7; the company handed back control of the software to Oracle in 2010. The OS X patches for the three Java 7 flaws, then, were produced by Oracle and shipped the week of August 27 alongside the fixes for the Windows version of Java 7.
Ali Loney, on September 05, 2012