Criminals are increasingly exploiting a critical hole in the Java Runtime Environment (JRE) to infect computers with malicious code when users visit a specially crafted web page. The hole that was patched by Oracle in mid-February allows malicious code to breach the Java sandbox and permanently anchor itself in a system. Users can protect themselves by installing or updating to one of the current Java releases: Java SE 6 Update 31 or version 7 Update 3. A new exploit that uses an unpatched (zero day) critical Java hole is circulating on underground forums.”]