Jared Newman, Macworld April 10, 2012
As Intego notes, the Java for OS X 2012-002 update appears to be same as the one Apple issued at the end of last week but the latest update is aimed only at Max OS X Lion users. It’s possible, Intego says, that Apple found a glitch in the first update that would make a new release necessary.
The update “delivers improved compatibility, security and reliability by updating Java SE 6 to Java 1.6.0_31,” Apple’s update prompt says.
Security companies first discovered the Flashback trojan last September. At the time, the malware masqueraded as an update for Adobe Flash, but as of April, Flashback was infecting users who visited compromised websites, without requiring a password for installation. Apple patched the vulnerability this week, but not before 600,000 users were infected according to antivirus vendor Dr. web. (Other firms have said they can’t confirm the number of infections.)
Intego recommends installing the latest update right away. “The Flashback malware has been very active in the wild and can install with no user interaction, if Java is not patched,” the company says in a blog post.