It’s not only what you don’t know that kills you but also what you do know that ain’t so.
While your computer may seem to be running just fine, you may have several applications that are vulnerable to attack and could lead to your computer being compromised.
Java is used by a number of legitimate web sites for delivering content from the web through your browser. Unfortunately, the bad guys have become pretty good at finding exploitable weaknesses in Java, allowing them to take control and push all kinds of nasty stuff onto your computer.
An example of this is Java vulnerability CVE-2010-4452, a design flaw in the Java class loader that lets an attacker execute an unsigned Java applet with local user rights. This vulnerability is currently being exploited to push fake AV software onto unsuspecting users.
The good news here is that update 24 fixed this weakness in February of 2011. The bad news is that if you’re not keeping up with your updates, you are still exposed. And for those keeping score, the current Java update level is 26.
The criminals are taking advantage of users being lazy about fixing security holes. Where do you stand with your updates?
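One way to answer that question for several machines at once, as an added example that is not part of the original post: the script below classifies `java -version` banners against the two update levels named above (24 for the CVE-2010-4452 fix, 26 as current). It assumes those levels refer to the Java 6 (1.6.0) family; the host names and banners are constructed sample data.

```python
import re

# Thresholds from the article; scoping them to Java 6 (1.6.0) is this example's assumption.
FAMILY = (1, 6, 0)
FIXED_UPDATE = 24    # update that fixed CVE-2010-4452
CURRENT_UPDATE = 26  # update level the article calls current
# First line of `java -version` (written to stderr), e.g. java version "1.6.0_22"
VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?[^"]*"')

def parse_java_version(banner):
    """Return (family, update), e.g. ((1, 6, 0), 22), or None if unparseable."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    family = tuple(int(x) for x in m.group(1, 2, 3))
    update = int(m.group(4)) if m.group(4) else 0  # no "_NN" means base release
    return family, update

def classify(banner):
    """Map one banner to vulnerable / outdated / current / other-family / unknown."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unknown"          # Java missing or banner not recognised
    family, update = parsed
    if family != FAMILY:
        return "other-family"     # the article's thresholds do not apply
    if update < FIXED_UPDATE:
        return "vulnerable"       # predates the CVE-2010-4452 fix
    if update < CURRENT_UPDATE:
        return "outdated"         # has the fix, still behind current
    return "current"

def triage(inventory):
    report = {}                   # classification -> list of host names
    for host, banner in inventory.items():
        report.setdefault(classify(banner), []).append(host)
    return report

# Constructed sample data: host names and banners are made up for illustration.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.6.0_22"',
    "ws-02": 'java version "1.6.0_24"',
    "ws-03": 'java version "1.6.0_26-b03"',
    "ws-04": 'java version "1.5.0_22"',
    "ws-05": "java: command not found",
}

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Hosts reported as `unknown` or `other-family` need a manual look, since the two thresholds say nothing about them.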