This particular attack doesn't even involve a Java exploit. The weak point here is users who are accustomed to clicking "allow" on any security warnings without reading them.