Java Zero-Day Threats
Oracle took a beating in 2012, and in the first half of 2013, with attackers targeting its ubiquitous Java software. In January, attackers targeted a zero-day flaw in the Java browser plug-in. A second Java zero-day flaw was outed in February. IBM noted that researchers saw the threats increase significantly once the zero-day was made public because cybercriminals quickly integrated the exploit into their automated attack toolkits. Most consumers can disable Java, eliminating the threat, but business applications and corporate systems commonly require Java for extensive functionality. Oracle has taken action, issuing security improvements to Java to mitigate the risk of future attacks.