Outdated Java versions blocked by Apple to eliminate vulnerability
Apple has recently released an update for OS X that addresses a vulnerability identified in the outdated Java web plug-in. Apple recommends that users running OS X Lion and Mountain Lion make sure they are using the newest version of Java 7, and then update the program via the Java Control Panel app.
From reading Intego’s Mac Security Blog, I understand that the update alters the XProtect component of OS X, officially referred to as File Quarantine, in order to block outdated versions of the Java browser plug-in.
The minimum required version of Apple’s Java plug-in for Snow Leopard is now 13.9.7 (Java 6 Update 51), up from 13.9.5 (Java 6 Update 45). Apple provides its own version of Java for Snow Leopard and has continued to release security updates for it.
On Lion and Mountain Lion, the minimum version of Apple’s Java plug-in has increased from 14.7.0 (which corresponds with Oracle’s Java 7 Update 21) to 14.8.0 (which corresponds with Java 7 Update 25). Beginning with Lion, Apple no longer bundles Java with OS X; it is now a third-party offering available from Oracle.
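The version floors quoted above can be turned into a quick audit check. This is an added example, not Apple's or Intego's code: the function names and the OS labels used as keys are this example's own, and the plug-in bundle version is passed in as an argument rather than read from a machine. It compares version components numerically, so a later release such as 14.10.0 is not mistaken for being older than 14.8.0.

```shell
#!/bin/sh
# Minimum plug-in bundle versions as stated in the article.
# The OS labels (snowleopard, lion, mountainlion) are this example's own keys.
min_version_for() {
    case "$1" in
        snowleopard)       echo "13.9.7" ;;  # Java 6 Update 51
        lion|mountainlion) echo "14.8.0" ;;  # Java 7 Update 25
        *) return 1 ;;
    esac
}

# Accept only digits separated by single dots (e.g. 14.8.0).
is_dotted_version() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
}

# version_lt A B: exit 0 when A is lower than B, comparing each component
# as a number; missing components count as 0 (14.8 equals 14.8.0).
version_lt() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        ca=${va%%.*}; cb=${vb%%.*}
        case "$va" in *.*) va=${va#*.} ;; *) va= ;; esac
        case "$vb" in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        ca=${ca:-0}; cb=${cb:-0}
        [ "$ca" -lt "$cb" ] && return 0
        [ "$ca" -gt "$cb" ] && return 1
    done
    return 1
}

# plugin_status OS VERSION: print blocked, allowed, unknown-os or invalid-version.
plugin_status() {
    min=$(min_version_for "$1") || { echo "unknown-os"; return 2; }
    is_dotted_version "$2" || { echo "invalid-version"; return 2; }
    if version_lt "$2" "$min"; then echo "blocked"; else echo "allowed"; fi
}

# Constructed sample inputs, not taken from any real machine.
for pair in "snowleopard 13.9.5" "lion 14.7.0" "mountainlion 14.8.0" "lion 14.10.0"; do
    set -- $pair
    printf '%s %s -> %s\n' "$1" "$2" "$(plugin_status "$1" "$2")"
done
```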
Apple’s best practice seems to suggest that users should enable Java only when necessary:
Enable Java in your web browser only when you need to run a Java web app.
Confine your web browser only to the websites that need the Java web app. Do not open any other websites while the Java web plug-in is enabled.
When you are done, disable the Java web plug-in.