Why are so many endpoints running multiple versions of Java? Because the Java installation and update process often does not remove the older, vulnerable versions, observed Bit9 CTO Harry Sverdlove.

Yesterday we noted Apple's release of Java Update 1.4.2 Update 1, as well as a reader report that a Java-based site that previously didn't work under OS X worked after installing the update.

But earlier update procedures installed a new version of the program without removing the older ones. Oracle later changed its Java update tool to make it remove the most recent version, the FTC says.