^[1]

According to ^[2] ZDNet, a security vulnerability ^[3] in Java 7 has been discovered and is currently being exploited by malicious parties. The U.S. Department of Homeland Security recommended that users should disable the Java 7 browser plug-in until a patch is issued by Oracle. The report said:

“Hackers have discovered a weakness in Java 7 security that could allow the installation of malicious software and malware on machines that could increase the chance of identity theft, or the unauthorized participation in a botnet that could bring down networks or be used to carry out denial-of-service attacks against Web sites”.

Apple has already moved to address the issue by disabling Java 7 on Macs where it is installed. Apple has updated its "Xprotect.plist" blacklist that currently requires an as-yet unreleased version of Java 7 (1.7.0_10-b19). The current publicly-available version of Java 7 is 1.7.0_10-b18, so all systems running Java 7 cannot pass the check initiated by anti-malware system in OS X.