Hi.
For OS X, if you have Java 7 installed and you kept your OS X software updated, Apple has already pulled the plug for you. 🙂
1. Here is the official report from CERT regarding the vulnerability => http://www.kb.cert.org/vuls/id/625617.
Snips:
- "....We have confirmed that Windows, OS X, and Linux platforms are affected. Other platforms that use Oracle Java 7 may also be affected."
- "We are currently unaware of a practical solution to this problem".
The vulnerability notice recommends a workaround: turn off Java in web browsers.
Pity those who don't have OS X: the attack occurs simply when a user hits a black-hat website, thereby executing hostile code on their machine.
Snip: "Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability."
2. Here are the Apple-specific details from MacRumors.com => http://www.macrumors.com/2013/01/11/apple-blocks-java-7-on-os-x-to-address-widespread-security-threat/.
Snip:
"...Apple has, however, apparently already moved quickly to address the issue, disabling the Java 7 plug-in on Macs where it is already installed."