I have a new software update (10.8.2) I don't get this part of it. I don't want to download it unless it's a good idea.
It's a very good idea. Serious security holes have been found in all versions of Java. (Not the same security holes in all of them, but all of them have some security holes.)
In the past, Java was installed automatically as part of the OS, and the browsers were all given plugins that let websites use Java in their pages automatically. That was a powerful and convenient combination. If you visited a website that needed to use Java, it Just Workedâ„¢ with no effort on your part.
That power and convenience are fine in the absence of security flaws. In their presence, it's a recipe for disaster. Your machine can get infected without your being aware that you'd done anything risky.
In practice, almost no one actually used Java in their web pages. (Emphasis on the word "almost". Emphasis on the "in their web pages" qualifier.) That meant the vulnerability was there on every installation of OS X (and of Windows), with most users getting no benefit in exchange.
Apple (and Oracle, who are now the official custodians of Java) have patched several of the security flaws in Java, but more are being found almost monthly. As a safety measure, Apple has decided to make it Not Quite Just Work. The steps they've taken:
As of Lion, Java is not installed automatically in OS X. If you need it (and some users do, mostly for non-web applications, but for a significant number of web applications as well), you can install it explicitly.
Safari won't use the Java plug-in automatically. If a web page asks to use Java, Safari asks you if it's OK. You normally have to give your OK once, but if you then wind up not using Java for a month, Safari assumes this was a one-time-only need, and your OK expires.
With this patch, even if you install Java, the browser plug-in for it no longer comes from Apple. If you want Java in your browser, you have to get the plug-in from Oracle. Oracle is the official custodian, as I mentioned, and is accepting responsibility for making sure you're always using the latest, safest version available (if you use it at all). (The plug-in you used to get from Apple, Apple had to get from Oracle. They've agreed to cut out the middle-man.)
If you're not using Java, it won't make any difference whether you install this software update, at least in so far as Java security goes. If you don't know if you're using Java, better to install it anyway.
But the 10.8.2 update fixes other things too, and you would want to install it for those things anyway. When Apple tells you what an update fixes, they only hit the highlights. A lot of little niggling bugs get squashed without comment. I've already noticed several things fixed in 10.8.2 that Apple doesn't even consider worth mentioning.
So, yeah, you want to install the 10.8.2 update.
