Vulnerabilities in Java are highly common and, over the past months, organizations have taken serious steps to neutralize cyberattacks that exploit the security holes found in this piece of software. However, it appears Yahoo! is swimming against the current and feeding its customers a highly outdated version of Java.
Journalist Brian Krebs has discovered that Yahoo! SiteBuilder, the free website creation tool, installs Java 6 Update 7 on users’ computers.
This version of Java was released in the summer of 2008; the latest version is Update 39.
It’s uncertain if Java 6 Update 7 is the only version on which the site builder app works, but that’s highly unlikely. The more plausible scenario is that Yahoo! has simply forgotten to update the Java installer along with the application.
At the time of writing, SiteBuilder still attempted to install Java 6 Update 7, so I would advise you to avoid using the app until everything is sorted out.
In the meantime, I’ve requested comment on the issue from Yahoo! representatives. I’ll update this post when they reply.