The company apparently was able to distribute a fix so quickly because it actually learned of this vulnerability on Feb. 1, but wasn't able to include a patch in the Feb. 19 update to Java.
Responding to a widening outbreak of Java malware, Oracle on Sunday dispensed an urgent fix for the latest version of the software platform.
Kaspersky researchers have detected that distribution of the exploit is at least in the thousands, with the majority of impacted users located in the U.S., Russia and Germany.
The vulnerability already has been added to commercially available attack toolkits, such as BlackHole and Nuclear Pack.
One day after Oracle released a massive security update, which included fixes for a number of Java vulnerabilities, Apple shipped its own update for Java for Mac OS X.
October 01, 2012
With billions of devices worldwide running Java, Oracle faced a debacle in August as the details for two zero-day exploits in its popular software were leaked and actively used in attacks.
The latest flaw affecting Java SE could allow an attacker to take over machines through a complete security sandbox bypass. But, so far, there have been no reports of active exploits.
Researchers believe the Nitro crime gang, also behind Oracle's Java zero-day exploit, launched recent attacks through a vulnerability in Internet Explorer 9 and earlier versions.
Security firm Security Explorations discovered the new vulnerability, which, when combined with other still-unpatched weaknesses in Java, could allow for a complete bypass of the Java Virtual Machine sandbox in the environment of the latest Java SE software.
Apple has released Java updates to patch vulnerabilities in Mac OS X Lion, Mountain Lion and Snow Leopard.
Hours after the company that maintains Java released a much-anticipated patch for a widespread malware attack, Polish firm Security Explorations said it discovered a new vulnerability in the software platform.
Patch alert: In a rare, if not unprecedented, move, Oracle on Thursday issued an out-of-cycle patch for gaping holes in Java 7 that have been widely exploited to spread malware.
In light of the fast-spreading Java 7 exploit, Mozilla has become the first browser maker to suggest users disable Java functionality.
As expected, exploits taking advantage of gaping holes in Java now are growing in prominence -- and the big question is: When will Oracle patch the issue?
A new Java exploit is expected to become more widespread now that proof-of-concept code has been published. Oracle isn't scheduled to update Java until October.
Detection rates for exploits against the vulnerability (CVE-2012-1723) are now overtaking attacks abusing a previous widely attacked Java bug (CVE-2012-0507), which was used to spread the widespread Flashback trojan that targeted Mac users.
A researcher investigated Java exploits, and drew on one well-know example, to explain how one of the most common classes of attack spreads.
The commercially available and automated BlackHole exploit kit has been updated to include exploit functionality for a recently patched Java vulnerability, and attacks are now happening in the wild.
Traditionally, Apple has taken some time to release updates for its own version of third-party software. But that may be changing if Tuesday's concurrent patches for Java are any guide.
A host of websites, including the U.S.-based Center for Defense Information, have been compromised with malicious code in order to target and infect visitors.
To further stop the spread of the Flashback trojan, Apple on Monday released two security updates for Mac OS X 10.5 (Leopard).
