Hi forum members,
American and Australian CERTs warn against an old flaw in the Sun Java Runtime Environment, where a Java applet can bypass security settings to enable code injection and eventually remote control. The Java flaw was patched in late November, but according to the CERTs there are websites actively misusing the flaw.
See: http://isc.sans.org/diary.php?storyid=1039
polonus