Enterprise users of Java for the Mac OS X should ensure their machines are updated with the latest security patch from Apple, released Tuesday.
The update, for both Lion (10.7.3) and Snow Leopard (10.6.8) versions of the platform, closes a dozen holes in Java 1.6.0_29, "the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox," according to Apple.
That presumably refers to CVE-2012-0507, which researchers at F-Secure said Monday was being used to spread the latest variant of the password-stealing Flashback trojan.
===> Computers can be infected simply by users visiting a malicious web page, a scenario known as a drive-by download. <===
===> UPDATE!!! <===