After leaving Mac users vulnerable for more than six weeks, Apple has finally released a new version of Java for OS X 10.6 (Snow Leopard) and 10.7 (Lion).
This release comes hot on the heels of an in-the-wild exploit actively targeting Mac users, in one of the first cases of drive-by exploitation we have seen for OS X.
Today's release updates Java to version 6 update 31, which Oracle released for Windows, Linux and Unix on February 14th.
This does make you wonder whether Apple takes security as seriously as it should. Perhaps its public-facing image of being invulnerable is the prevailing attitude within the company.
Why Apple did not deploy these fixes before Mac users were victimized by criminals is unclear. Fortunately, once it became a problem the company responded quickly.
If you are running Snow Leopard, upgraded from Snow Leopard to Lion or installed the Java add-on for Lion, be sure to click the Apple icon in the upper-left corner and choose Software Update. Lion does not ship with Java by default on new installations, but many have chosen to install it anyway.
Lion users will see "Java for OS X 2012-001" and Snow Leopard users will see "Java for Mac OS X 10.6 Update 7" in the software updater.
To check which version of Java you currently have installed, open Terminal and type "java -version". You should see "java version 1.6.0_31" if you have upgraded successfully.
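The same check can be scripted, for example to audit several Macs. The following is an added example, not part of the original article; the function names are hypothetical, and it assumes only that `java -version` writes a line beginning with `java version` to standard error.

```shell
#!/bin/sh
# Added example: classify `java -version` output against the fixed
# release named in the article (Java 6 update 31, i.e. 1.6.0_31).

REQUIRED_UPDATE=31

# Pull the version string (e.g. 1.6.0_29) out of `java -version` text.
# The real tool wraps the version in double quotes; strip them if present.
java_version_string() {
    printf '%s\n' "$1" | sed -n 's/^java version //p' | tr -d '"' | head -n 1
}

# Print one of:
#   patched  - Java 6 at update 31 or later
#   outdated - Java 6 below update 31
#   other    - a Java line that is not Java 6
#   unknown  - no recognisable version line
java6_update_status() {
    ver=$(java_version_string "$1")
    case "$ver" in
        1.6.0_*)
            upd=${ver#1.6.0_}
            upd=${upd%%[!0-9]*}          # drop any suffix such as -b04
            if [ -z "$upd" ]; then
                echo unknown
            elif [ "$upd" -ge "$REQUIRED_UPDATE" ]; then
                echo patched
            else
                echo outdated
            fi
            ;;
        1.6.0) echo outdated ;;          # base release, no update applied
        "")    echo unknown ;;
        *)     echo other ;;
    esac
}

# Check the Java runtime on this machine. `java -version` prints to
# stderr, so redirect it before capturing.
check_installed_java() {
    if ! command -v java >/dev/null 2>&1; then
        echo absent
        return
    fi
    java6_update_status "$(java -version 2>&1)"
}
```

Source the file and run `check_installed_java`; any result other than `patched` or `absent` means Software Update still needs to be run or Java should be disabled.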
Another option is to remove Java entirely, or to disable it. Most Mac users don't need Java to work and surf in the year 2012. The guys at Rapid7 have put together a short video on their blog showing how to do this.
Users of older versions of OS X (10.5 and earlier) should immediately disable the Java plugin as Apple does not appear to be shipping further updates to Java on these platforms.
Of course you should also run anti-virus on your Mac, and Sophos Anti-Virus for Mac Home Edition is free for non-commercial use.
Why not load it to be sure your Mac stays clean from Mac, Windows and Linux nasties? Think of it as a safety net just in case cybercriminals continue to target the growing OS X user population.