Hi mchain,
In general terms yes, most exploit kits have exploits for adobe, flash and outdated java versions or even zero-days as just recently. As avast officially is not fond of recommending to uninstall java, some here feel strongly about this like essexboy and others. But java is not the only culprit of a lot of malware misery, also malicious javascript used here, like other scripts could be seen as at the root of the majority of infections. So the user of a browser is well protected with a script blocker, like NoScript in fx or similar protection in Google Chrome, together with the Kiss Privacy extension. Blackhole kit uses a ready made mix of the most succesful methods to infect the browser of those by redirecting to a so-called blackhole landing site.
And yes, some evil tongues have it that java coders need the odd flaw to be assured of new support contracts as java is found up everywhere, but I think that is a joke. But jokes aside, I hope they come up with some good new security strategy, like with a good sandbox to keep the code in line. But with a lot of code in software there are a lot of lines of codes and a lot of possible bugs. E.g. Win 7 has so many lines of code that there must be room for thousands and thousands of bugs, as fuzzers are running on a daily basis, some are bound to be found up and hopefully fixed before being abused,
polonus
