XProtect update blocks unpatched Java versions in OS X
Apple has updated its Web plug-in blacklist to include all but the most recent versions of Java.
Early this morning Apple issued an update to its XProtect malware-handling system in OS X that updates the Web plug-in blacklist to include a more recent version of Oracle's Java plug-in. The update now will prevent all versions of the Java Web plug-in before version 22.214.171.124 from running on the system (previously the limit was version 126.96.36.199).
This change was likely made because of a recent security issue in the prior version of the Java 7 runtime that affected JRE 7 Update 10 and earlier. A patch for this was issued by Oracle on January 13, and Apple's XProtect plug-in update should ensure that Java users are running this latest, patched version.
If you find that after today's update Java applets are no longer loading, then be sure to download and install the most recent Java updates. These can be accessed by updating Java through the Java Control Panel in the OS X system preferences, or by downloading and installing the latest Java runtimes from Oracle's Java Web site.
Given the recent security issues involving Java, if you do not need to use Java then it is highly recommended to remove it from your system, but if you do need to use it then consider taking steps to manage its Web plug-in component either by disabling it or by, though not all plug-in managers can adequately block Java.