Brian Krebs, security researcher recently came across one fresh exploit toolkit, which uses patched vulnerability within Oracle's Java as it comes bundled with the notorious malware kit BlackHole. Softpedia.com published this on November 28, 2011.
Apparently, every edition of the Java is prone to assault by the exploit other than the latest ones; however, given that plentiful users don't make the component up-to-date on an urgent basis, attackers can effectively utilize the exploit on various systems.
A still more disturbing issue is that such exploit kits used for attacks are simple to convert into automated software that when loaded onto any website, contaminate PCs of unwitting Web-surfers.
...
