Update OS X to ensure Java security
Apple's latest updates include fixes to prevent Java applet execution that may occur even with the plug-in disabled.
With the latest round of OS X updates, Apple has addressed a number of bugs in its Mac operating systems, and one fix is particularly pertinent for those who wish to maintain security with their Java installations.
Java has taken some hard knocks recently, with a number of security vulnerabilities that could potentially lead to malware execution on exploited systems. While uninstalling Java has been the preferred recommendation, one common recommendation for those who do need it is to just disable the Java Web plug-in. However, recent developments suggest doing this may not always render a system safe from Java-based threats on the Internet.
In the latest update to OS X, Apple includes a fix for security vulnerability CVE-2013-0967, an issue with how OS X handles the CoreTypes library, in which a Java Web Start applet could be launched automatically even if the Java plug-in is disabled. The problem was that even though the Web plug-in itself may be blocked and nonfunctional, the system still recognized Java applets as acceptable "safe" files to launch automatically when downloaded.
Even though this should only affect those who have kept the "Open safe files after downloading" feature in Safari enabled, Apple chose to address the issue by removing JNLP (Java Network Launching Protocol) file types from the system's "CoreTypes" safe files list. As a result, no Java applet will now be launched automatically, and users will have to launch them manually from the OS X Downloads folder.
This issue applies to all versions of OS X 10.7 and later, so if you are concerned about Java security and have not yet updated your system, you might consider doing so sooner rather than later. Beyond this, a number of other vulnerabilities in the system have been addressed in the latest updates, including those in the handling of PDFs, images, and QuickTime movies, so it is a good idea to keep updated regardless of whether or not you use Java.
The latest OS X updates can be installed by choosing Software Update from the Apple menu, or by downloading and applying them manually from the Apple Support Downloads page.