The security risks of having a Java virtual machine/runtime environment on your Mac have been highlighted over the past two weeks, as the Flashback trojan spread widely by taking advantage of a vulnerability that Oracle had patched months ago -- but that Apple had not. There is a mitigating factor, however, in that Apple does not ship a JVM with Lion; users who need it have to opt in and download it.

Today, Apple released a standalone Flashback removal tool for Lion installs that don't have Java. While Apple's Java package has now been updated repeatedly both to patch the exploit and to Flashback-proof the system as a whole, Lion users without Java installed were left out. In theory they could be affected by the Flashback trojan itself even if they weren't susceptible to the specific means of infection that this variant uses.

The 356KB download is recommended for all Lion users without Java installed.

This article was originally published on Tuaw.