Kasperky's top ten exploits for the third quarter of 2012 show Java vulnerabilities being exploited for more than 50% of online attacks. In addition, the report also criticizes the update mechanisms for Java and Flash reader.In my opinion, using something like Secunia's PSI might be helpful.
Java vulnerabilities were exploited in more than 50% of all attacks. According to Oracle, different versions of this virtual machine are installed on more than 1.1 billion computers. Importantly, updates for this software are installed on demand rather than automatically, increasing the lifetime of vulnerabilities. In addition, Java exploits are sufficiently easy to use under any Windows version and, with some additional work by cybercriminals, as in the case of Flashfake, cross-platform exploits can be created. This explains the special interest of cybercriminals in Java vulnerabilities.