Security company VUPEN
revealed a vulnerability in Java’s Preloader in early July that’s quite likely the same one being integrated into cyber criminals’ exploit kits.
According to VUPEN’s report, the vulnerability is “caused by a design error in the Java click-2-play security warning when the preloader is used, which can be exploited by remote attackers to load a malicious applet (e.g. taking advantage of a Java memory corruption vulnerability) without any user interaction.”