Java for OS X 2012-002 appeared on Software Update just two days after version 2012-001 was released on Tuesday. Apple also released Java for Mac OS X 10.6 Update 7 earlier in the week.
It's not immediately clear, however, how the most recent update differs from the earlier version, as Apple's links for more detail and information point to the same page as the old update. Java for OS X 2012-001 resolved multiple vulnerabilities in Java, the most serious of which could "allow and untrusted Java applet to execute arbitrary code outside the Java sandbox."
On Wednesday, a Russian antivirus company revealed that an estimated 600,000 Macs had been infected by a "Flashback" trojan that exploited the Java vulnerability to turn the computers into bots. The majority of the infected computers were located in the U.S.
The virus was first discovered by a security firm last September. F-SEcure has posted a tutorial on how to detect and removethe threat.
[ View article on AppleInsider ]