A Apple, and advising users not to use the software. Apple took the rare step of disabling the Java 7 plug-in on Macs where it is installed by updating its "Xprotect.plist" blacklist, part of the anti-malware built into OS X.discovered in Java last week prompted separate warnings from the ,
Oracle Java 7 Update 11 which addresses the vulnerability. But we may not be out of the woods just yet.for the vulnerability on Sunday and today Apple released
Although Java 7 update 11 satisfies OS X anti-malware's requirement for a minimum Java version number of 1.7.0_10-b19 the U.S. Department of Homeland Security hasthat the Java web browser plug-in still poses risks -- even after Oracle's update 11 patch is installed.
"Unless it is absolutely necessary to run Java in Web browsers, disable it [...] even after updating to [Update 11]."
ZDNet's Zack Whitttaker reports that quoting Rapid7 chief security officer HD Moore (via Reuters) as saying "The safest thing to do at this point is just assume that Java is always going to be vulnerable. Folks don't really need Java on their desktop."