FYI...
Java users at risk ...
- http://community.websense.com/blogs/...-exploits.aspx
4 Jun 2013 - "... collecting telemetry... to provide insight into usage of the most recent version of Java... almost 93% of users are still not patched to the most recent version of Java. This leaves the majority of users still vulnerable to the dangers of exploit code already in use in the wild... So 1 month after release, the remaining 92.8% of users remain vulnerable to at least one exploit in the wild... the April 2013 Java Critical Patch Update contained 42 new security fixes, of which 39 may be remotely exploitable without authentication. We saw that on April 20, 2013, to illustrate the danger of just one of these 39 remote execution vulnerabilities, Metasploit published a module to exploit a vulnerability in CVE-2013-2423*. We have observed this particular exploit code incorporated into exploit kits and used in the wild..."
* https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-2423
Java JRE 7u21
- http://www.oracle.com/technetwork/ja...s-1880261.html
April 16, 2013
Recommended Version 7 Update 21
- https://www.java.com/en/download/manual.jsp
- https://krebsonsecurity.com/2013/04/...ecurity-holes/
April 16, 2013 - "... contains 42 new security fixes for Oracle Java SE. A majority of these flaws are browse-to–a-hacked-site-and-get-infected vulnerabilities..."