Apple rolled out Java security updates for OS X 10.6.8 and 10.7.3 on Tuesday that address several potential vulnerabilities including one that could allow attackers to run malicious code on your Mac simply by visiting a website.
Java for OS X 2012-001 for Lion and Java for Mac OS X 10.6 Update 7 for Snow Leopard follow reports of a Java-based trojan horse based on the Flashback threat that could install its payload without requiring a user account password.
Both updates are available as free downloads through the Software Update application, or via the Apple Support website.