What are some of the most exploited security holes in java world?
posted 2 years ago
At this point the most widely exploited holes seem to be in Java's web browser plugin. They allow attackers to escape Java's security sandbox and run web apps with the same privileges that the browser uses. Java code that does not use Java's SecurityManager are (usually) not vulnerable to these exploits.
I blogged about this issue earlier this year.