updated 03:20 pm EST, Fri January 11, 2013
Blacklist requires unreleased version of Java for plugin to work
[Update: Mozilla joins in, FBI issues warning, fix coming] Apple has disabled the Java 7 browser plug-in on Macs through an updated OS X blacklist file, notes MacRumors. Recently a major security vulnerability was discovered in Java 7, one already being exploited in malware. In response, Apple has silently pushed an updated Xprotect.plist file to OS X users, setting an as-yet-unreleased v1.7.0_10-b19 as the minimum version of Java required for unrestricted operation.
In the past few years, Apple has tried to distance itself from Java as part of a general move away from third-party browser plug-ins. At one point the software came preinstalled on Macs, and was maintained in a separate Apple fork. In 2010, though, the company began leaving Java support up to Oracle, since the Apple fork was regularly lagging behind, which was leaving Macs exposed to known threats. Java is now entirely optional code that Mac owners have to download on their own, though if users attempted to run a Java applet they would be asked if they wanted to install Java from an Oracle public link.
Oracle has yet to say when a new version of Java will reach OS X. That could cause at least temporary problems for Mac owners who depend on apps and websites built around the plugin, though Java-based applications that use Java 7 separately of a web browser will not be affected by the blocking.
[U] The Mozilla foundation has also quietly updated the blacklist in its Firefox browser to block the affected Java 7 web plug-in, and security experts are now advising the public to temporarily disable Java in other browsers until Oracle can release a patch for the security issues, which it has said it will do on Tuesday.