Apple Releases Java 7 Update 11 for Zero-Day Flaw

A zero-day vulnerability discovered in Java last week prompted separate warnings from the US government, Apple, and Mozilla advising users not to use the software. Apple took the rare step of disabling the Java 7 plug-in on Macs where it is installed by updating its Xprotect.plist blacklist, part of the anti-malware built into OS X. Oracle released a patch for the vulnerability on Sunday and Apple released Java 7 update 11 which addresses the vulnerability.

Although Java 7 update 11 satisfies OS X anti-malware's requirement for a minimum Java version number of 1.7.0_10-b19 the U.S. Department of Homeland Security has reiterated its warning that the Java web browser plug-in still poses risks - even after Oracle's update 11 patch is installed. Unless it is absolutely necessary to run Java in Web browsers, disable it even after updating to Update 11.