Apple launched a new security feature for its Safari web browser that allows Java applet loading permissions on a web-site-specific basis.
The feature is in Safari 6.0.4, which is a software update for Lion and Mountain Lion users, and in Safari 5.1.9 for Snow Leopard, which is available for direct download (about 48MB) and via Apple’s software update service.
The new feature will prompt Safari to ask users what to do with each newly encountered Java applet.
A new setting allows users to permanently block or permanently allow applets, or trigger confirmation requests, on a web-site-specific basis. When “allowing” applets, users can either choose “always allow” or they can allow applets only if the installed version of Java contains no known critical security issues.
Safari 6.0.4 also closes a security hole in WebKit used during this year’s Pwn2Own security competition.
Apple also released two new Java updates that correspond to Oracle’s Java 7 Update 21. Java for Mac OS X 10.6 Update 15 (just under 70MB) updates Java SE 6 under Snow Leopard to version 1.6.0_45 and enables the previously mentioned security feature in Safari 5.1.9.
Java for OS X 2013-003 is for Lion and Mountain Lion, where it also updates Java SE 6 to version 1.6.0_45. The Java updates close numerous security holes, including critical ones – and users should install it as soon as possible.