Not made public until just today, but detected in June by Finnish security researcher Jouko Pynnonen, a flaw
in Sun Microsystems's plug-in for running Java on a variety of browsers and operating systems could cause a nasty virus. In a nutshell, the security flaw allows a malicious Web site to run a java applet free from security protections.
"It allows execution of attacker-supplied code without user interaction (apart from viewing a Web page) which usually means a "critical" classification."
A problem on the PC is certainly confirmed (Linux and Windows), but the jury is still out as to whether the Apple is similarly affected, given that Java is a cross platform language. Java was patched last month by Sun Microsystems, but details of the flaw were not made public until today. According to the Pynonnen, the flaw can be used to create exploits which can do anything the victim normally could, including browse, modify or run files, upload more programs to the victim's system.