It’s not just old Java plugins getting the boot on OS X – now old Adobe Flash plugin versions are getting the old heave-ho as well. Apple had previously updated XProtect to make 11.5.502.149 (released early in February) the minimum version:
Now, Apple has updated XProtect to require a more recent version of Adobe Flash, as users were advised to update to a newer version (11.6.602.171, released a few days ago) as it addresses vulnerabilities from 3 CVEs, two of which have been seen in attacks in the wild.
Flash and Java are both popular attack points for malware authors, as they provide the opportunity to access users across all the various popular operating systems. Steve Jobs took a lot of heat for the decision not to include Flash support in iOS, leading him to write an open letter on why this decision was made (and Adobe to come up with an alternative solution, in the form of Adobe Media Server). From a security perspective, the omission of Flash has helped decrease the options malware authors have for attacking iDevices. But as Flash remains popular on many websites, users of other operating systems find themselves being frequently prompted to update their software as new attacks are found at a dizzying pace.