updated 01:26 pm EST, Wed February 20, 2013
Third emergency update may be the charm for recent malware issues
Oracle has once again released an updated version of Java SE 7 in order to combat serious vulnerabilities that have resulted in malware attacks on both Macs and Windows PCs. The new version, Update 15, comes less than three weeks after the previous patch, and follows an Apple-issued update to Java SE 6 in the wake of hacker attacks against Apple's own employees' work Macs. The new update is said by Oracle to "enhance security" as well as improve performance and stability.
According to company release notes, v7 Update 15 serves as a new security baseline, and will replace Java SE 6 outright on machines that can support using Java SE 7 instead. It also deprecates all use of the original "classic" web plug-in. SE 6 is referred to as being "retired" by the company.
Oracle's release notes for Update 15 do not specify how many fixes are included in the update or their exact nature, though it can be presumed to incorporate the same bug fixes as Apple's patch. The previous Oracle update, which was rush-released due to active malware taking advantage of the vulnerabilities, contained fixes to some 50 security holes, almost all of which were browser-based.
Apple recently blocked Java in OS X for a second time following concerns that Update 11 still had serious gaps (that were mostly addressed in the later Update 13). The move prevented malware attacks from reaching Macs "in the wild," but may have caused problems for some Mac users, since it broke any websites or apps based on the software.
Many Mac users will be completely unaware of the security merry-go-round of recent Java issues, as the Java plug-in likely remains disabled (or even completely absent) from machines running OS X Lion or Mountain Lion. OS X automatically disables the Java web plug-in if it is not used for 31 days, and prompts the user to install an updated copy of Java with an automatic link to the latest version when a user runs across a site that requires Java.