Last week, as part of its regular Critical Patch Update, Oracle released new versions of its Java software. Apple has also released new versions of Java for Mac OS X. (As Mac users probably know, Apple packages and releases its own Java updates.) The new versions are Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11. These updates address twenty identified security flaws (essentially, the same ones that Oracle’s update fixed); further information is available on Apple’s support page for this update.
According to an article at Ars Technica, this update also makes one significant change to past Apple practice: it does not include a browser plug-in for Java, and in fact removes any existing plugins. The Naked Security blog from anti-virus vendor Sophos has a post with some additional information. (I didn’t know about this aspect of the update when I wrote yesterday’s post on Java.)
You can get the new version via the Software Update pane in System Preferences, or you can download the new version from Apple’s support site.