Have a Mac running OS X Lion v10.7 or later with Java installed? Then you need to fire up the Mac App Store (a.k.a. Software Update) and get this Java for OS X Update. And, wow, what a weekend for Mac security! Evernote and Flash hacks made the rounds, meaning even more security-centric updates for the rest of us.

• Java for OS X 2013-002, download
— Java for OS X 2013-002 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_43.
— See also: Java for Mac OS X 10.6 Update 14

And, there’s this bit of boilerplate Apple’s been including with recent Java for Mac updates:

On systems that have not already installed Java for OS X 2012-006, this update disables the Java SE 6 applet plug-in. To use applets on a web page, click on the region labeled “Missing plug-in” to download the latest version of the Java applet plug-in from Oracle.

Apple has posted detailed update notes, but the details are exactly the same as those provided above — thanks for that. Likewise, the mothership hasn’t yet listed the security content of the Java for OS X 2013-002 Update — we’re welcome, we’re sure.

Capping it all is Oracle’s Security Alert for CVE-2013-1493, a remotely exploitable vulnerability. There is, however, a patch available.

Needless to say, Java users need to apply both the Apple and Oracle’s patches.

An Eventful Weekend

Just in case you missed the Mac Security fun this weekend, Apple pushed a Xprotect update that blocked older versions of Adode Flash due to the appearance of an active, in-the-wild exploit. Get the latest Flash update, which addresses the vuln.

Like a long list of other A-list internet companies of late, Evernote got hacked and dutifully announced the same to its 50 million users. The company says no sensitive info was compromised.

Nevertheless, Evernote is requiring users to update their passwords, and has released updates for Evernote 5.0.6 for Mac (MAS) and Evernote 5.2.2 for iOS (iAS), both of which are said to include multiple security patches.

[u] In a statement provided to InformationWeek, Evernote spokeswoman Ronda Scott said, “We were already planning to roll out optional two-factor authentication to all of our users later this year. We are accelerating those plans now.”

Hopefully, that will be benefit than trouble whence it arrives — no mention from Evernote on the timing yet…

Feel safer?

Related posts:
— Java for Mac OS X Updated for Snow Leopard, Lion, Mountain Lion
— Mac Security: Adobe Patches Zero Day Flash Exploit
— Java for Mac OS X 10.6 Update 12, Oracle Patches Available
— Best Mac AntiVirus? You Have Choices
— Mac Antivirus: Intego Virus Barrier, Net Barrier Save 30%

• More