Security experts advised, 'The best defense we have right now for these kinds of attacks is to disable Java in the browser forever'. According to Websense experts, most browser installations use outdated versions of the Java plug-in that are vulnerable to at least one of several exploits used in popular web attack toolkits. Exploit kits are a very common tool for distributing many Java-based threats.
To detect the vulnerable Java versions installed on systems, Websense experts used their technology, via their 'threat intelligence network', which monitors billions of web requests originating from tens of millions of systems.
Websense showed that only 5.5% of Java-enabled browsers have the most up-to-date versions of the software. "It is probably no surprise that the largest single exploited vulnerability is the most recent one, with a vulnerable population of browsers at 93.77%," Charles posted on the Websense blog.
"Most browsers are vulnerable to a much broader array of well-known Java holes, with over 75% using versions that are at least six months old, nearly two-thirds being more than a year out of date, and more than 50% of browsers are greater than two years behind the times with respect to Java vulnerabilities."
All this doesn't mean that Java is an insecure language or platform, or that web sites built on Java EE are any less secure than other platforms. Unfortunately, perception often beats reality, and Java is getting a big black eye from this one.