Are we really vulnerable... or is the admonition to perform updates a catchall for out-of-date plugins? What I mean is, do these plugins really miss a new vulnerability every other week, or is the term "vulnerable" used to mean that there is a newer release available and you should just update it later, because maybe this release fixed something. I really want to know when cyber creeps have unleashed a new round of havoc via bad code in the plugins. However, I don't have the time to chase updates in Acroread or Java every week. Besides, after every series of updates, I always need to open up Microsoft Autoruns and disable their self-installed processes to call home and check versions whenever I boot up. I'm sorry, but any updating will be done by me when I'm not late for something at work. I can't say how many times my computer is stalled checking for new versions (and downloading and installing them while I'm trying to do accomplish something!) So if these vulnerabilities are just a reflection of there being a new version available, I'll research and weigh my options for the day and just avoid vulnerable sites for a couple weeks (that's a joke - I always avoid vulnerable sites and have never gotten a virus). However, if these really mean that bad guys are actively deploying malware, I'll take them more seriously. I know how to manage the risks if I know what this message means. One might wonder why plugins to display images and documents would be so vulnerable anyways. Is there really code in them that says "ok, the document is displayed, is there anything else the server side would like us to run on the client PC?" :) Looking at the recent Apple QT versions, they're not clear if the "arbitrary code" that gets run is that the PC will continue to execute random stuff in memory (which is more likely to lead to a crash) or if it's code placed in the image that will get executed. Thanks in advance for clarifying...