Hold on, this is a separate issue. This has nothing to do with my question. It seems to me that somebody at Apple is making decisions for me. I should have been asked! I am perfectly capable of grasping the security implications of running Java in my browser, and I might be willing to "risk" those issues (which are extremely unlikely to happen to me, and the gains might *for me* outweigh the risks). That is something *I* get to decide. In fact, I had a client a few years ago who asked me to maintain a Java applet for him. Does this mean that I would suddenly lose the ability to do business (testing), just because some egghead at Apple decided that the reputation of the OSX platform as a "safe" OS (which is an illusion, there were cases of security breaches on OSX *NOT* involving Java) is more important than my choice as a consumer?
It's things like this that really make me wonder if I have chosen my computer correctly. I can only dream that Linux develops sufficiently to be put on decent laptops and sold in stores...
Java is no more secure on Linux, and the exploit in the wild for this Java vulnerability has Linux payloads but it doesn't have OS X payloads.
Apple's capacity to set minimum versions for plugins via XProtect is most likely the reason that malware developers didn't bother making OS X payloads for this vulnerability.
Java is dangerous because of its inherent purpose it isn't protected by the runtime security mitigations of the host OS but only the Java sandbox, which doesn't function via the host OS sandbox, and the Java sandbox recently has been circumvented fairly easily.
Mac OS X and Linux pretty much have the same runtime security mitigations at the moment.
Across all versions of each OS, Mac OS X has fewer local privilege escalation vulnerabilities than Linux, namely due to the fact that Mac OS X has better access controls on interprocess communication.
No methods have been demonstrated that allow remotely bypassing the runtime security mitigations in Mac OS X since the introduction of Lion. For example, Safari running on Lion was not compromised at the last Pwn2own.