It’s time to get very serious about Java updates

Bottom line: many Java exploits go after vulnerabilities that have been patched. Since Java runs on a wide variety of platforms, this makes it a very serious vector. You should stay alert for the automatic Java updates. You also can check the Java site (see link below.)

The background hum of news about the increase in malware that uses Java vulnerabilities has now increased to a roar.

Today Daniel Wesemann wrote a very readable blog post on the SANS site about Java weaknesses.

Wesemann pointed to an October piece on Microsoft’s Malware Protection Center by Holly Stewart in which she writes: “What I discovered was that some of our exploit ‘malware’ families were telling a scary story - an unprecedented wave of Java exploitation.”

Wesemann described the method used by the recent "bpac" family of exploits. The Java vulnerability that it uses was patched in July he points out.

More: http://sunbeltblog.blogspot.com/2010/11/its-time-to-get-very-serious-about-java.html