Multiple vulnerabilities existed in Java 1.6.0_51, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.

Fourth, the Java Security Manager, which provides support for running applets by sandboxing untrusted downloaded code, will be removed with the JDK 24 release in March.

Java’s code-signing requirements have proven to be a bust, security researchers say, and now even longtime developers are losing faith in the programming language.

Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.