Less than a week after Oracle released a scheduled security update for Java, an exploit that takes advantage of one of the patched bugs has been added to a popular exploit toolkit.
Researchers at security firm F-Secure said that on Sunday they first witnessed signs of ongoing attacks, which take advantage of a vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17. The exploit has been added to commercially available exploit toolkits, including RedKit.
Oracle's Java chief proposed Thursday delaying the release of Java 8 to focus more efforts on securing Java 7.
Apple on Tuesday patched Java for the aged OS X Snow Leopard and tweaked Safari to give users more control over what websites they let run the vulnerability-plagued Oracle software.
Oracle on Tuesday shipped an update for Java 6 and Java 7 to patch up to 42 bugs -- the number depends on the version and platform -- for Windows and OS X. Because Apple maintains Java 6 for OS X -- unlike Java 7, which Oracle handles -- it followed with its own update.
Allow me to begin with an emphatic statement: if you have Java on your computer then get it off now! Oracle released its latest round of security patches for the incredibly buggy, and surprisingly still popular, platform, with numerous new holes waiting to either be patched or exploited.
When word came down of the latest fixes and I mentioned it in the BetaNews newsroom, our president Scott Alperin could utter only "seems like time to put PC-side Java out of its misery". Indeed.
In response to discovering that hackers were actively exploiting two vulnerabilities in Java running in Web browsers, Oracle has released an emergency patch that it says should deal with the problem.