Yesterday we told you about the “Flashback” trojan virus that has infected up to 600,000 Macs through a Java vulernability in OS X. While we mentioned that a fix was already available, Apple has since released a second update to Java called “Java for OS X 2012-002,” available for download through Software Update on Macs. This latest patch is apparently very similar to the earlier fix, and still points to the Java for OS X 2012-001 support page. Apple issued a note to the Java developers to inform them of the updated package.
Today we re-shipped our Java 1.6.0_31 for OS X Lion today to address a critical issue we found in Xcode and the Application Loader tool. This new “Java for OS X 2012-002″ package is effectively identical to “Java for OS X 2012-001″, with the exception of a few symlinks and version numbers.
For the sake of expediency, we have re-rolled the automatic update as our standard full combo updater, with the hope that most users have not yet been presented with 2012-001. We considered creating a delta update for users who already installed 001, but that would have made the process of getting these fixes to you take longer.
We apologize for the inconvenience, and would like to offer our thanks to the developers who caught this issue and reported it to us as quickly as they did. This issue only impacts Lion users, so Snow Leopard users have nothing to reinstall.
Over the next few days, we will catch up with producing updated release notes, tech notes, and developer packages with the revised 002 version numbers.
Manual download links:
Java for OS X 2012-002: <http://support.apple.com/kb/DL1515>
Java for Mac OS X 10.6 Update 7: <http://support.apple.com/kb/DL1516>