Oracle Scrambling To Secure Java As Attack Toolkit Surfaces
Oracle continues to wrestle with security vulnerabilities in its Java software framework. The vendor rushed out an emergency update for Java early in the week, repairing two browser-related vulnerabilities, including one that is currently being exploited in ongoing attacks. Later, security researchers at Webroot uncovered a new automated attack toolkit that facilitates Web-based attacks targeting Java vulnerabilities.
Although both vulnerabilities have been patched by Oracle, miscreants are clearly setting their sights on Java and will likely continue to do so as long as some folks ignore their Java configurations.