Apple has pushed a new release of Java 6 that fixes a new vulnerability discovered just a few days ago. Somewhat confusingly, Apple delivers updates to Java 6, while Oracle delivers updates directly to Java 7 users.
"We detected a brand new Java zero-day vulnerability that was used to attack multiple customers," FireEye security researchers Darien Kindlund and Yichong Lin said in a blog posted Thursday. "Specifically, we observed successful exploitation against browsers that have Java v1.6 update 41 and Java v1.7 update 15 installed," they said, referring to the two most recently released versions of Java 6 and Java 7.
Lion and Mountain Lion users should download Java for OS X 2013-002. This file updates Java SE 6 to 1.6.0_43, the latest version released by Oracle. Snow Leopard users will download Java for Mac OS X 10.6 Update 14, which delivers the same version of Java 6.
The last update for both Java 6 and 7 was released in mid-February to fix a different security vulnerability.