Summary: As OS vendors get better about patching their own flaws, malware authors are increasingly turning to third-party code to get their dirty work done, and Java is high on the list. It’s easy to say, “Just don’t use Java,” but what if a program you use requires it? I’ve got a list of problem apps and solutions.
The criminals who
successfully infected 600,000 Macs with the Flashback malware (aka Flashfake) could just as easily have trained their guns on Windows or Linux users.
That’s the problem with exploits that target vulnerabilities in cross-platform runtimes like Flash Player and the Java Runtime Engine (JRE). Even if your operating system is fully up to date, an unpatched vulnerability in that third-party code can lead to havoc.