The minimum required version of Apple’s Java plug-in for Snow Leopard is now 13.9.7 (Java 6 Update 51), up from 13.9.5 (Java 6 Update 45). Apple provides its own version of Java for Snow Leopard and has continued to release security updates for it.
On Lion and Mountain Lion, the minimum version of Apple’s Java plug-in has increased from 14.7.0 (which corresponds with Oracle’s Java 7 Update 21) to 14.8.0 (which corresponds with Java 7 Update 25). Beginning with Lion, Apple no longer bundles Java with OS X; it is now a third-party offering available from Oracle.
Apple likely changed the minimum Java plug-in version due to reports that a previously patched Java 6 vulnerability has been added to the Neutrino exploit kit, making it easier for evildoers to infect a Mac or PC running an outdated version of Java.
In a support article related to this update, Apple recommends only enabling the Java browser plug-in when you need it for a particular site, and then disabling the Java plug-in again afterward.
Adobe has since released several versions of Flash Player that fix a number of vulnerabilities, but none of these versions was an urgent patch to fix bugs that were being actively exploited at the time. The current version of Flash Player is 11.8.800.94 as of when this article was published; any version older than that has known vulnerabilities. You can check to see whether you have the latest version of Flash Player by going to https://www.adobe.com/software/flash/about/
Apple’s XProtect system provides rudimentary protection against certain Mac threats. It does not offer live malware scanning, protection against Windows threats or phishing sites, or other protection that full-featured antivirus software can provide. Intego develops a number of specialized security products for Mac, available from www.intego.com
