Less than two weeks after its last Java updates, Apple has released Java for OS X 2013-002 for OS X 10.8 Mountain Lion and 10.7 Lion and Java for Mac OS X 10.6 Update 14 for 10.6 Snow Leopard. Apple’s security page notes that these updates address two critical vulnerabilities (CVE-2013-0809 and CVE-2013-1493), the latter of which has been actively exploited to, according to Oracle, “maliciously install the McRat executable onto unsuspecting users’ machines.” Once installed, McRat can then download
further malware onto the affected computer. Both updates bring Java SE 6 up to version 1.6.0_43. The updates are available via the App Store app or Software Update and direct download, and Apple reminds you to quit any Web browsers and Java applications before installing either one.
If you don’t rely on Java for any critical apps, it might be time to remove Java entirely from your system. Over at Macworld, Rich Mogull recommends doing this, and describes how to extricate it from your Mac. If you need Java to run an app (such as the CrashPlan backup utility), Rich also explains how you can isolate Java by disabling it in the Safari, Chrome, and Firefox browsers. (Free, 63.8 MB and 69.3 MB)