Apple on Thursday released a large batch of security fixes for its OS X operating system, one of which patches a flaw thatallowed Java Web Start applications to run even when users had Java disabled in the browser. There have been a slew of serious vulnerabilities in Java disclosed in the last few months, and security experts have been recommending that users disable Java in their various browsers as a protection mechanism. However, it appears that measure wasn't quite enough to protect users of some versions of OS X.

http://apple.slashdot.org/story/13/0...isabled-plugin