A number of security experts warn that businesses which fail to update from Java 6 on their systems are vulnerable to attack.
The final fix for the out-of-date Java 6 platform was released by Oracle in April. The bug, CVE-2013-2463, is rated as "critical," and is described below:
"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
Read more at: Java 6 users vulnerable to zero day flaw, security experts warn | ZDNet