java risk on MAC

The newly discovered zero-day flaw in Java 7 is so serious that the U.S. Department of Homeland Security has warned users to disable or uninstall it, and Apple has disabled the Java 7 plugin on Macs through its OS X anti-malware system, in order to protect users from a potentially serious security issue.

You should disable Java (if not already done) until either the US Department of Homeland Security, or Oracle, declare it safe and Apple restore the facility. Javascript should not be disabled (it has nothing to do with Java).

However, if you need the Jave 6 JRE and plug-in, MadMAC0 has posted at

https://discussions.apple.com/thread/4449038?answerId=20107182022#20107182022&ac_cid=tw123456#20107182

Apple has also posted (Oct 22/12) the approved solution for restoring the Java 6 plug-in:

Java for OS X 2012-006: How to re-enable the Apple-provided Java SE 6 applet plug-in and Web Start functionality.

Java is generally not to be trusted. If you must use it for a specific task, close all browser windows and tabs except the one you're working in, then enable Java and reload the page. When the task is complete, disable Java. Don't leave it on all the time.

skinnerpdx wrote:

How much is running Java a risk with mountain Lion? Do I need to remove it?

I have a couple of remote work platforms that require it for me to log in

You don't need to do anything right now. Both Apple and Google have totally disabled it in their browsers until Oracle can come out with a patch and there is no telling when that might be.

Just saw that Oracle's released update 7u11 which fixes the exploit.