Sun has rushed out a Java update to fix a drive-by download vulnerability that exposed Windows users to in-the-wild malware attacks. The patch comes less than a week after Sun told a Google researcher it did not consider the issue serious enough to warrant an out-of-cycle patch. The flaw occurs because the Java browser plugin runs javaws.exe without validating command-line parameters. The vulnerability was disclosed by Google security researcher Tavis Ormandy.
Source: https://threatpost.com/sun-about-face-out-cycle-java-update-patches-critical-flaw-041510/73836/

