Were you aware that Java is increasingly being viewed as a security risk? Of course you were — recent high-profile attacks have firmly established the trend, so we're not going to do yet another roundup here.
Instead, let's drill in and try to understand the core problem. With so many vulnerabilities, it's hard to keep browsers up to date with the latest patched versions — especially because Java is updated independently from the browser. How hard is it? We decided to check.
We recently added Java version detection to ACE and pumped it into the Websense ThreatSeeker® Network to get real-time telemetry about which versions of Java are actively being used across tens of millions of endpoints. Here's what we found (you may need to click on the graph to see all the detail):
read more.........http://community.websense.com/blogs/securitylabs/archive/2013/03/22/how-are-java-attacks-getting-through.aspx