Apple has released its second update in to the OS X implementation of Java. The first update had closed a vulnerability that has led to the infection of more than 600,000 Macs via a trojan horse.
The Mac infections have received a lot of media attention for past two days, including a splashed headline on the Drudge Report.
While the first Java for OS X Lion 2012-001 update closed the vulnerability in Java 1.6.0_29, there is no indication what the new update – called Java for OS X 2012-002 will fixes. This update notes link to the same support document as update 2012-001.
Last year, Apple had introduced a security update to OS X that would automatically remove malicious software from OS X installations. At the moment, it is not clear if the infected machines can be fixed via the internal OS X security mechanisms.
OS X Mountain Lion, the next version of the OS X software will be released this summer. In this version, Apple will include a feature called Gatekeeper. The new system relies not only on Mac App Store distribution as means of vetting apps, but also on a new “identified developer” program. Under this program, developers distributing their applications outside of the Mac App Store can register with Apple and receive a personalized certificate they can use to sign their applications. After that, Apple can use that system to track developers and disable their certificates if malicious activity is detected.
Source: Mac Rumors