[Update: good article on the topic from Brian Krebs.]
…better late than never?
Updates are now available from Apple for Snow Leopard and Lion that addresses a number of known vulnerabilities in Java:
The update is timely in a sense, in view of the recent tweaking of OSX/Flashback to make use of CVE-2012-0507, as previously noted here. However, as Chester Wisniewski pointed out in a blog article for Sophos, Oracle released update 31 to version 6 of Java way back on February14th, so the delay between Oracle’s release and Apple’s update is a little disquieting.
David Harley CITP FBCS CISSP