Java exploits represent a common attack vector used by the bad guys to infiltrate vulnerable computers via the web browser. We wrote about the rise of Java exploits as early as 2010, and we haven't seen that trend decline. In fact, in the first quarter of 2013 alone, we've seen three Java remote code execution vulnerabilities being exploited in the wild: CVE-2013-0422, CVE-2013-0431, and CVE-2013-1493. In response, Oracle recently introduced, in the release of Java 7 update 11, a new security feature that changes the way unsigned Java applets and web start applications are run. The text in Oracle's release notes reads:
Synopsis: Default Security Level Setting Changed to High.
The default security level for Java applets and web start applications has been increased from "Medium" to "High". This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed, applets and web start applications would continue to run as always. With the "High" setting the user is always warned before any unsigned application is run to prevent silent exploitation.
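As an added illustration (not from the original post or from Oracle's release notes), the same security level can be set and locked for every user on a machine through the Java deployment configuration files, so nobody can quietly drop the plug-in back to "Medium"; the file paths are assumed conventional locations, not values taken from the page:

```properties
# deployment.config (assumed location: <JRE>/lib/deployment.config or
# /etc/.java/deployment/deployment.config). It points every user's Java
# Plug-in and Web Start at one system-wide properties file and makes it mandatory.
deployment.system.config=file:///etc/.java/deployment/deployment.properties
deployment.system.config.mandatory=true

# deployment.properties (system-wide file named above, assumed path)
# Weak: the pre-7u11 default. With a current JRE, unsigned applets run
# without any prompt, which is exactly the silent-exploitation case.
# deployment.security.level=MEDIUM

# Corrected: match the new 7u11 default and lock the key so the Java
# Control Panel cannot lower it again.
deployment.security.level=HIGH
deployment.security.level.locked
```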