Java for OS X 2012-006, Java for Mac OS X 10.6 Update 11
The recent drama over Java security has largely died down, though it is hard to image the threat’s subsided. That said, whereas Oracle now (mostly) produces Java for Mac OS X Lion and Mountain Lion, Snow Leopard is still Apple’s responsibility and here’s some fresh Java from Cupertino for both OS X 10.6 and 10.7+.
Java for Mac OS X 10.6 Update 11 (download) and Java for OS X 2012-006 for OS X 10.7 (and later, via Mac App Store) are now available and they deliver improved security, reliability and compatibility by updating Java SE 6 to 1.6.0_37.
On systems that have not already installed Java for Mac … [these updates] will configure web browsers to not automatically run Java applets. Java applets may be re-enabled by clicking the region labeled “Inactive plug-in” on a web page. If no applets have been run for an extended period of time, the Java web plug-in will deactivate.
That bit of boilerplate describes a smart feature Apple has built into Java that removes the plugin, essentially eliminating Java-based security threats. I take that notion to the next level by disabling Java manually until it’s needed, which is just one of the free and easy things you can do to keep your Mac secure — Top 10 free ways to secure your Mac.
These updates were crafted in whole or part by Oracle, which released its quarterly Java update covering 30 vulnerabilities.
As is oft the case, Apple has issued a security update, but hasn’t published the related security content Knowledge Base article(s).