

Oracle releases patch for Java vulnerability - SanderMak
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

======
0x0
Why does the flaw not affect "servers or standalone Java desktop applications"
(according to these release notes)?

What if either of those are running applications that allow sandboxed
downloadable plugins from the internet or otherwise rely on security managers
to safely run untrusted code?

~~~
SanderMak
I think they phrase it that way since SE apps run with no SecurityManager by
default. But yeah, I can see where you're coming from.

