engine - 5:20 pm on Mar 27, 2013 (gmt 0)
I know that many "in-the-know" disable Java. Those that don't know, clearly, are in the vast majority.
Most browser installations use outdated versions of the Java plug-in that are vulnerable to at least one of several exploits currently used in popular Web attack toolkits, according to statistics published by security vendor Websense.
The company recently used its threat intelligence network, which monitors billions of Web requests originating from “tens of millions” of endpoint computers protected by its products, to detect the Java versions that are installed on those systems and are available through their Web browsers. Java-Enabled Browsers Not Up-To-Date and Vulnerable To Java Exploits [pcworld.com]
The Java telemetry data gathered by Websense showed that only 5.5 percent of Java-enabled browsers have the most up-to-date versions of the software’s browser plug-in—Java 7 Update 17 (7u17) and Java 6 Update 43 (6u43)—installed. These two versions were released on March 4 in order to address a vulnerability that was already being exploited in active attacks at the time.