Almost 80% of more than 3,000 software security flaws publicly reported so far this year have been in Web technologies such as Web servers, plugins and Web browsers. That number is about 10% higher than the number of flaws reported in the same period last year and nine out of 10 of the flaws were found in commercial code. Apple today released a fix to stop the latest variant of the password-stealing malware, including a serious hole that allowed an untrusted Java applet to help spread the malicious code.
Source: https://threatpost.com/web-security-flaws-10-2009-111009/73075/