Apple has shipped updates to plug more than two dozen security holes in its version of Java, including a dangerous flaw that was patched on other platforms more than six months ago. The computer vendor has been frequently criticized for its sluggish response in incorporating third-party fixes to its own operating system, with developers releasing proof-of-concept code last month to force Apple into finally shipping the patch.
The vulnerability allows a remote attacker to take over a system, and was ranked as 'highly critical' by security vendor Secunia. As opposed to Windows users, who get their Java updates directly from Sun, Apple packages Java for the Mac itself to ensure the quality of experience for its users and whatnot. The problem is security issues involving third-party components are often ignored by Apple until their severity is actually demonstrated.
Fortunately for Apple users, while security researchers regularly demonstrate OS X exploits, attackers are much more inclined to target the ubiquitous Windows platform – even though that scenario seems to be slowly changing. As usual, Mac owners can grab the latest Java version via Software Update or directly from Apple’s Support Downloads website.