Oracle on Friday February 1 released a new version reportedly addressing vulnerabilities seen with the last build.
Apple disabled Java 7 through the OS X XProtect anti-malware system, requiring users to have at least version "1.7.0_10-b19" installed on their Macs. The release dated February 1 carries the designation "1.7.0_13-b20," meeting Apple's requirements.
Oracle "strongly recommends" applying the CPU fixes as soon as possible, saying that the latest Critical Patch Update contains 50 new security fixes across all Jave SE products.
Java 7 updated for 10.7-10.8
Released Feb 1, 2013, fixes 50+ security flaws
Download and install
For Java versions 6 and below OS X 10.5-10.6 machines
Apple supplies their own version of Java. For Mac OS X 10.6 and below, use the Software Update feature available under the Apple menu to check that you have the most up-to-date version of Java 6 for your Mac.
Java SE 6 End of Public Updates
After February 2013, Oracle will no longer post updates of Java SE 6 to its public download sites. We highly recommend downloading and installing Java 7.
If your considering upgrading OS X from 10.6.8 to 10.8 via AppStore to run Java 7
Be forewarned no PowerPC based programs or driver software will run any longer.
Check here BEFORE you upgrade OS X!
Alternatives if you must run Java 7
If Apple disabled Java 6 in 10.6, and you can't upgrade OS X to 10.8, then your pretty much done with Java in OS X because Oracle won't issue updates for Java 6 anymore.
However you can install Windows 7 and continue to use Java 7+ there until support for Windows 7 ends in 2020.
If your on 10.6, I very highly recommend the free Virtualbox for the virtual machine software as it gets updates, VMFusion and Parallels have moved on with only 10.7+
Check Software Update...
APPLE-SA-2013-02-01-1 Java for Mac OS X v10.6 Update 12
Java for Mac OS X v10.6 Update 12 is now available and addresses the
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in Java 1.6.0_37
Description: Multiple vulnerabilities exist in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
These issues are addressed by updating to Java version 1.6.0_39.
Further information is available via the Java website at http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html