The following reads back the last modification date from the Xprotect plist:
defaults read /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta LastModification
But I think the better thing to look at is if the blocked plug in field for Oracle is correct. Perhaps like this?
defaults read /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta PlugInBlacklist | awk -F"= " '/com.oracle.java/{ getline; print $2 }' | sed -e 's/"//g;s/;//g'
