|
The update (separate versions are provided for Snow Leopard and Lion) is currently available via Software Update, but will presumably also be available for download from Apple's Support Downloads page.
The new updates supersede those released last week to plug the security hole exploited by the Flashback.K malware. In addition to providing an updated version of Java, Java for Mac OS X 10.6 Update 8 and Java for OS X Lion 2012-003 remove the most common Flashback variants if they are found on the system. No notification is given if Flashback is not found.
The updates are recommended for all Snow Leopard and Lion systems that already have Java installed.
Apple officials advise users "If you do not use Java applets, it is recommended that you disable the Java web plug-in in your web browser." The company provides instructions for disabling Java in Safari here, along with links to similar instructions for Chrome and Firefox.
Java for OS X Lion 2012-003 automatically deactivates the Java browser plugin and Java Web Start on installation, and if they are manually activated, it deactivates them again whenever they are left unused for 35 days.
Flashback.K appears to have been one of the most effective pieces of malware. It has been estimated that more than 650,000 Macs were infected, though the number of active infections seems to have dropped significantly this week.