Disclosure of Java zero-day prompted Oracle patch, says researcher

31.08.2012
Oracle released an emergency patch on Thursday for previously unknown Java vulnerabilities that cybercriminals had targeted with popular exploit kits within hours after the bugs' existence became public.

The patch for the flaws that affected only Java 7, the latest version of the software platform, also included fixes for two other vulnerabilities in Java 6. But the Java 7 flaws were the most critical.

"Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2021-4681 in the wild, Oracle strongly recommends that customers apply the updates provided by this security alert as soon as possible," the company said.

The vulnerabilities affected all the major web browsers running Java 7, including Google Chrome, Microsoft Internet Explorer, Apple Safari and Mozilla Firefox. Chrome was less vulnerable because, by default, it asks users before running a Java applet, giving them the opportunity to block a malicious install.

In general, a cybercriminal could exploit the bugs by tricking a victim into clicking a malicious link on a hijacked website or a site run by the attacker.