Java security threats: What you need to know

By Rich Mogull, Macworld |  Security, java, Mac

The first option is to run the Java Preferences app (/Applications/Utilities/). On the General tab it shows the version of Java you have installed. If it says you're running Java SE 7, and if the Enable Applet Plug-in and Web Start Applications option is checked, you are exposed. If it says Java SE 6, or if that applet option isn't checked, you're safe.

You can also check your version by opening Terminal and typing java -version. This time you want to make sure the response isn't 1.7. If it is, don't be too alarmed; you can't be exploited if you don't also have that browser support turned on in the Java Preferences app.
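The version check described above as a script, added here as an example and not part of the original article. The plug-in state is passed in by hand because the article reads it from the Java Preferences app; the function names, result labels and sample version strings are constructed for illustration. Note that java -version writes to standard error, hence the 2>&1.

```shell
#!/bin/sh
# Added example: classify `java -version` output using the article's rule
# (Java 1.7 plus the applet plug-in enabled means exposed).

# Print the quoted version string (e.g. 1.7.0_06) found on the first line
# of the `java -version` output passed as $1; print nothing if absent.
java_version_string() {
    printf '%s\n' "$1" | sed -n '1s/.*version "\([^"]*\)".*/\1/p'
}

# $1 = text printed by `java -version`
# $2 = state of "Enable Applet Plug-in and Web Start Applications" as read
#      from the Java Preferences app: on | off (supplied by the operator)
java_exposure() {
    ver=$(java_version_string "$1")
    case "$ver" in
        "")
            echo "unknown" ;;            # no version string in the output
        1.7|1.7.*)
            if [ "$2" = "on" ]; then
                echo "exposed"           # Java 7 with browser support on
            else
                echo "java7-plugin-off"  # Java 7, browser support off
            fi ;;
        *)
            echo "not-java7" ;;          # e.g. 1.6.x
    esac
}

# Check this machine. The plug-in state defaults to "on", a conservative
# assumption for when the checkbox has not been inspected.
check_local_java() {
    if ! command -v java >/dev/null 2>&1; then
        echo "no-java"
        return 0
    fi
    out=$(java -version 2>&1) || true    # version banner goes to stderr
    java_exposure "$out" "${1:-on}"
}

check_local_java "${1:-on}"
```

Run it with `off` as the first argument once the applet option has been unchecked in Java Preferences.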

If you are vulnerable, immediately uncheck that Enable Applet Plug-in and Web Start Applications option in the Java Preferences app. Doing so isn't a perfect defense, but it does prevent malicious websites from exploiting you. (You could still be tricked into downloading an exploit that you would run manually.)

Using the Java Preferences application is more reliable than disabling Java in your browser since it blocks it from all browsers at once. This allows you to still use Java on your Mac, but without the risk of being infected through your web browser.

The safest way to keep using Java

If, like me, you still need to use Java in your web browser, I recommend the following steps. They will reduce your risk, and I recommend them as an ongoing security practice even if you aren't on the vulnerable version of Java. Because, to be honest, these Java attacks aren't about to slow down anytime soon.

First, manually disable Java in your Web browsers. Even if you turned it off in Java Preferences, this will keep it from running if you ever change that setting (which we are about to do). In Google Chrome, type chrome://plugins in the address bar and click the link to disable Java. In Safari, go to Safari > Preferences and uncheck Enable Java on the Security pane. In Firefox, go to Tools > Add Ons > Plugins and uncheck Java Plug-In.

Next, re-enable Java applet support in the Java Preferences application (or wait for your Mac to automatically prompt you the next time you need it).

Third, pick a secondary browser that you never normally use and re-enable Java in it. For example, I use Chrome as my primary browser, and I disabled Java in it. I almost never use Firefox, but I still have it installed and Java is enabled in it. This protects me as I browse around the Web. (I also use Safari for development testing, so I keep it disabled on that.) Whichever browser you choose as your secondary one, you should use it only when you know you need to use Java and you are going to a website you know. For me, I mostly need Java for presenting webcasts, so when I hit a site I must use that requires Java, I use my backup browser.


Originally published on Macworld.