In an attack scenario, hackers could either embed an infected Java applet in a legitimate site ... which can subsequently be used to exploit vulnerabilities in that older version.