Msg#: 4393662 posted 12:32 am on Dec 3, 2011 (gmt 0)
Security community Metasploit took a recent look at this vulnerability, and found that the exploit, described as "a big one," is run completely and successfully on all systems running Java prior to version 1.6.0_29-b11, including Windows XP, Windows 7, Ubuntu Linux, and Apple's OS X.
On all platforms, only Google's Chrome browser gave any notification that a Java applet was running; other browsers like Safari, Internet Explorer, and Firefox gave no indication at all. Regardless of this difference, the malicious applet ran easily and successfully in all browsers.
According to Krebs on Security, the exploit "should not be taken lightly by any computer user," since Java is installed on more than 3 billion computing devices worldwide. Krebs cites Microsoft's Tim Rains as mentioning that Java-based exploits were the most common ones seen on computer systems in the first half of 2011, suggesting that hackers would be eager to get their hands on this current exploit.