The security risks of having a Java virtual machine/runtime environment on your Mac have been highlighted over the past two weeks, as the Flashback trojan spread widely by taking advantage of a vulnerability that Oracle had patched months ago -- but that Apple had not. There is a mitigating factor, however, in that Apple does not ship a JVM with Lion; users who need it have to opt in and download it.
Today, Apple released a standalone Flashback removal tool for Lion installs that don't have Java. While Apple's Java package has now been updated repeatedly both to patch the exploit and to Flashback-proof the system as a whole, Lion users without Java installed were left out. In the
