Earlier this week, we reported on a recently discovered vulnerability in Java SE 7 that could pose a risk for users on a wide variety of platforms, including Apple’s OS X. The real threat to Mac users stemming from the vulnerability is very low, because the Mac-specific exploit for the vulnerability was only seen by a small fraction of Mac users who manually installed Java SE 7. Still, the incident served as another reminder that Mac users can be vulnerable to malicious attacks.
Although Oracle was reportedly warned of the issue months ago and apparently didn’t take significant action to protect users until it became public, the company ended up moving quickly to address the problem with today’s announcement of the release of Java SE 7 Update 7. The update addresses the specific vulnerability disclosed earlier this week as well as several others, and the company has also released Java SE 6 Update 35 to address a separate issue with the earlier version. Oracle said the following in an announcement:
If successfully exploited, these vulnerabilities can provide a malicious attacker the ability to plant discretionary binaries onto the compromised system, e.g. the vulnerabilities can be exploited to install malware, including Trojans, onto the targeted system. Note that this malware may in some instances be detected by current antivirus signatures upon its installation.
Source: Oracle (blog)