This article is short on facts and big on scaremongering hype. Just because script kiddies are purchasing malware toolkits which have some Java stuff as a feature does not make the JVM plug-in the "most exploited".
The last known vulnerability in JVM was discovered and patched almost a year ago. These issues are addressed in the following releases: JDK and JRE 6 Update 17, JDK and JRE 5.0 Update 22, SDK and JRE 1.4.2_24, SDK and JRE 1.3.1_27.
If you are concerned about security, instead of reading this guy's uninformed blog, read this instead:
McAfee Threat Center : http://mcafee.com/us/threat_center/default.asp
Symantec : http://us.norton.com/security_response/threatexplorer/index....
I agree with you, but as the comment above pointed out for various reasons JVM updates lag in the enterprise. One of those screens had a table of JVM version numbers and a large slice were old installs.
It isn't really Sun/Oracle's fault, since they provide a decent updater.
OTOH, the number of these malware toolkits and the penetration rates they seem to achieve is just remarkable. I love the toolkit that had the 'now compatible with windows 7' logo in the admin screen.
One huge issue is that many enterprise apps are only certified to run on older JREs. So updating the JRE will break the application and put you in "unsupported mode" with the application vendor. So companies must stay at version 1.6.9 (or whatever).