Apple barred Java from running on Macs in order to safeguard users by blocking Java 7 Update 11 and adding it to the banned list in XProtect.
This was the second time in two weeks that Apple had blocked Oracle's code from running on Macs. The threat was so serious that the U.S. Department of Homeland Security had recommended that all Java 7 users disable or uninstall the software until a patch was issued. This time Java is blocked through Apple's XProtect anti-malware feature.
Java has come under fire as the means by which hackers have been able to gain control of computers. In April 2012 more than 600,000 Macs were reported to have been infected with a Flashback Trojan horse that was being installed on people's computers with the help of Java exploits. Then in August Macs were again at risk due to a flaw in Java, this time around, there was good news for Mac users: Thanks to changes Apple has made, most of us were safe from the threat.
Unwilling to leave its customers open to potential threats Apple decided it's safer to block Java entirely.
In order to block older versions of Flash, Apple has updated its "Xprotect.plist" file so that any versions that come before the current one (version 11.6.602.171) cannot be used on a Mac. Users who have older versions of Flash installed will be greeted with an alert that says "Blocked plug-in," and Safari will prompt the user to update to a newer version.
Macs running OS X Snow Leopard and beyond are affected.
UPDATE for those running Lion or Mountain Lion:
Oracle on Friday February 1 released a new version reportedly addressing vulnerabilities seen with the last build.
Apple disabled Java 7 through the OS X XProtect anti-malware system, requiring users to have at least version "1.7.0_10-b19" installed on their Macs. The release dated February 1 carries the designation "1.7.0_13-b20," meeting Apple's requirements.
Oracle "strongly recommends" applying the CPU fixes as soon as possible, saying that the latest Critical Patch Update contains 50 new security fixes across all Jave SE products.
Update for Snow Leopard users:
Apple issued update 12 for Java for OS 10.6:
Note: On systems that have not already installed Java for Mac OS X 10.6 update 9 or later, this update will configure web browsers to not automatically run Java applets. Java applets may be re-enabled by clicking the region labeled "Inactive plug-in" on a web page. If no applets have been run for an extended period of time, the Java web plug-in will deactivate.
If, after installing Java for OS X 2013-002 and the latest version of Java 7 from Oracle, you want to disable Java 7 and re-enable the Apple-provided Java SE 6 web plug-in and Web Start functionality, follow these steps:
Apple issued this Java related security update No. 13 on February 19:
and Update No. 14 on March 4: http://support.apple.com/kb/DL1573
And the latest update from April 16, 2013:
and for Snow Leopard:
You should also read this:
Further useful comments in these articles:
Two bugs, one affecting Apple's Mac platform and another attacking Microsoft's Windows, exploit certain Flash player vulnerabilities to install malware onto users' systems, reports ArsTechnica. While users of other operating systems like Linux have yet to report attacks, Adobe's advisory notes the exploit affects all platforms.
Designated as CVE-2013-0634, the first vulnerability targets the Safari and Firefox Web browsers running on OS X, and is also being used as a trojan to deploy Microsoft Word documents containing malware. For Mac users, the flaw affects Adobe Flash Player version 11.5.502.146 or earlier.
On March 1, 2013 Apple again blocked Flash Player for Lion and Mountain Lion:
You should uninstall any previous version first, and repair permissions after installing the new version.
If you still get a ‘plug-ins blocked’ message: