Hi, Ted.
This book seems very interesting and very relevant in light of all the vulnerabilities with Java and OS X. Will the book address any of these issues? This link describes what I am referring to: it is an article on ZDNet describing Java 7 OS X vulnerabilities.
Are Java security issues mainly with code jumping out of the 'security manager', or are there other serious security concerns to be aware of?
You will want to look at guideline 18 in the new book, entitled "Do not expose methods that use reduced-security checks to untrusted code". It describes why malicious code was able to jump out of the security sandbox. There was a large family of vulnerabilities of this form discovered in the last year. All of the "critical" Java vulnerabilities you have read about lately were caused by malicious code jumping out of a sandbox.
There are many other security concerns, and they are covered by the rest of the book. Some of them contributed to the recent exploits (an exploit can and often does utilize multiple vulnerabilities).
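The pattern guideline 18 describes, shown as an added Java illustration that is not code from the book or from this thread. It relies on the documented behaviour of Class.forName(String), which loads through the defining class loader of its immediate caller; the class name, the wrapper and the restricted loader built in main are constructed for the example.

```java
import java.net.URL;
import java.net.URLClassLoader;

// Added illustration, not from the book or this thread.
// Class.forName(String) resolves a class through the defining class loader of
// the class that directly calls it. A trusted public wrapper therefore becomes
// the "immediate caller": untrusted code that can reach the wrapper resolves
// names through the wrapper's loader instead of its own restricted one. That is
// the reduced-security-check exposure guideline 18 warns about.
public final class ClassLookup {

    private ClassLookup() {}

    // Vulnerable: this trusted class is the immediate caller of Class.forName,
    // so any caller of this method borrows this class's loader and its view of
    // the application classpath.
    public static Class<?> lookupVulnerable(String name) throws ClassNotFoundException {
        return Class.forName(name);
    }

    // Hardened: the loader to resolve against is supplied explicitly (three-argument
    // forName), the class is not initialized as a side effect, and the method is
    // package-private rather than public, so untrusted code outside the package
    // cannot reach it at all.
    static Class<?> lookupHardened(String name, ClassLoader callerLoader)
            throws ClassNotFoundException {
        if (callerLoader == null) {
            throw new IllegalArgumentException("an explicit caller loader is required");
        }
        return Class.forName(name, false, callerLoader);
    }

    public static void main(String[] args) throws Exception {
        // Constructed "untrusted" loader: no URLs and no parent, so it delegates only
        // to the bootstrap loader and cannot see application classes such as this one.
        ClassLoader restricted = new URLClassLoader(new URL[0], null);

        // Resolves through ClassLookup's own loader, regardless of who called us.
        System.out.println("vulnerable wrapper found: " + lookupVulnerable("ClassLookup").getName());

        // Resolves through the restricted loader, which cannot see ClassLookup,
        // so the lookup fails instead of lending the caller a wider view.
        try {
            lookupHardened("ClassLookup", restricted);
        } catch (ClassNotFoundException e) {
            System.out.println("hardened wrapper refused: " + e.getMessage());
        }
    }
}
```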
Do you think it will take years to find all of the bugs in Java that create vulnerabilities similar to C? This is because, of course, the C programming language is notorious for its buffer overflows.
It will take time, but the problem is different in Java than in C. The 'severe' Java vulnerabilities came mostly from the core library, and that is Oracle's responsibility; they have a big cleanup task to do. While you yourself can build vulnerable code, we haven't seen much vulnerable code being exploited that is *not* part of core Java. Contrast this to C, where anyone can build code with buffer overflows (or other problems). To summarize, cleaning up C is a big task for every C programmer; cleaning up Java is a big task for Oracle.