Java SE 6 is updated to version 1.6.0_20 on both operating systems. 28 security vulnerabilities in Java are addressed by this update, including one or more that may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Two Mac-specific issues that could allow the execution of arbitrary code are also addressed.
The update for Leopard also takes J2SE 5.0 to version 1.5.0_24, and updating Java SE 6 to 1.6.0_20 for 64-bit capable Intel-based Macs. Since J2SE 1.4.2 is no longer being updated, it remains disabled by default.
J2SE 5.0 1.5.0_24 addresses the same set of vulnerabilities as Java SE 6 1.6.0_20.
Oracle (formerly Sun) released Java SE 6 1.6.0_20 in mid April. There is always a delay before the Mac OS X version of a Java update arrives, as it is maintained by Apple rather than Oracle.
The updates can be installed by using Software Update, or downloaded from Apple's Support Downloads page.