If you don't really need Java, get rid of it

07.09.2012
Got Java? Even if you've applied the urgent out-of-band patch from Oracle, you may want to get rid of it anyway. It turns out that the patched version has a flaw of its own that leaves Java open to a new attack.

According to security researchers, Oracle's Java patch does resolve the multiple "zero-day" vulnerabilities currently being exploited in the wild. However, the patched release also contains a flaw--one that was discovered and reported to Oracle earlier this year--that could allow an attacker to bypass the Java sandbox and execute arbitrary code on the target system.
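Before deciding whether to patch or remove Java, find out what is actually installed. The script below is an added example, not code from the original article or from Oracle: it inventories the Java runtime on a Unix-like host by parsing the first line of `java -version` output (both the legacy `1.x.y_uu` scheme of the 2012 releases and the modern `a.b.c` scheme) and, optionally, compares it against a caller-supplied minimum major/update level. The threshold arguments and the file name `java-check.sh` are placeholders; the article does not state the patched version numbers, so pick the level that matches the fix you applied.

```shell
#!/bin/sh
# Added example, not code from the article: inventory the Java runtime on a
# Unix-like host so you can decide whether it needs patching or removing.
# Parses the first line that `java -version` prints, for example:
#   java version "1.7.0_06"      (legacy 1.x.y_uu scheme: Java 7 update 6)
#   openjdk version "17.0.2"     (modern a.b.c scheme)
# The minimum major/update level is a caller-supplied placeholder; the
# article does not give the patched version numbers.

# trim_zeros: print a numeric string without leading zeros ("06" -> "6").
trim_zeros() {
    t=$(printf '%s' "$1" | sed 's/^0*//')
    printf '%s' "${t:-0}"
}

# java_version_fields VERSION: print "<major> <update>" for a version string.
#   "1.7.0_06" -> "7 6"    "1.6.0_35" -> "6 35"    "17.0.2" -> "17 2"
java_version_fields() {
    v=$1
    case $v in
        1.*_*) major=${v#1.}; major=${major%%.*}
               update=${v##*_}; update=${update%%[!0-9]*} ;;
        1.*)   major=${v#1.}; major=${major%%.*}; update=0 ;;
        *)     major=${v%%.*}; rest=${v#*.}
               case $rest in
                   *.*) update=${rest#*.}; update=${update%%[!0-9]*} ;;
                   *)   update=0 ;;
               esac ;;
    esac
    printf '%s %s\n' "$(trim_zeros "$major")" "$(trim_zeros "$update")"
}

# java_at_least MAJOR UPDATE VERSION: succeed if VERSION is at least MAJOR/UPDATE.
java_at_least() {
    need_major=$1
    need_update=$2
    set -- $(java_version_fields "$3")
    have_major=$1
    have_update=$2
    if [ "$have_major" -gt "$need_major" ]; then
        return 0
    fi
    [ "$have_major" -eq "$need_major" ] && [ "$have_update" -ge "$need_update" ]
}

# extract_version LINE: pull the quoted version out of a `java -version` line.
extract_version() {
    printf '%s\n' "$1" | sed -n 's/.*version "\([0-9][0-9._]*\)".*/\1/p'
}

# report_java [MAJOR UPDATE]: report whether java is on PATH and, if a
# threshold is given, whether the installed version meets it.
# Exit status: 0 = present and meets threshold (or none given), 1 = absent,
# 2 = unrecognised or below threshold.
report_java() {
    if ! command -v java >/dev/null 2>&1; then
        echo "Java: no java binary on PATH"
        return 1
    fi
    # java -version writes to stderr, so merge the streams before reading it.
    ver=$(extract_version "$(java -version 2>&1 | head -n 1)")
    if [ -z "$ver" ]; then
        echo "Java: present but version string not recognised"
        return 2
    fi
    echo "Java: version $ver found at $(command -v java)"
    [ $# -ge 2 ] || return 0
    if java_at_least "$1" "$2" "$ver"; then
        echo "Java: meets the required level ${1}u${2}"
        return 0
    fi
    echo "Java: below the required level ${1}u${2}; patch it or remove it"
    return 2
}

# Usage: sh java-check.sh [MAJOR UPDATE]  (e.g. the update level of the fix
# you applied). The exit status is deliberately not fatal at top level.
report_java "$@" || :
```

Run it without arguments to see which version, if any, is on the PATH; pass a major and update number to check against a minimum level. A host where `java` is absent from the PATH may still carry a browser plug-in or a bundled runtime, so treat a "not on PATH" result as a prompt to check the package manager and browser plug-in list as well, not as proof that Java is gone.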

Oracle's Java has become the new low-hanging fruit. Attackers used to target Adobe's products as the weakest link in the security chain, but Adobe has worked diligently to improve the security of those products and--more importantly--the speed and predictability of its patches and updates. As a result, the focus has shifted to Oracle, and Oracle seems ill prepared to respond.

The so-called zero-day flaws exploited by attackers aren't truly "zero-day": a zero-day is a flaw the vendor has had zero days to fix, whereas these vulnerabilities were discovered and reported to Oracle in April. Oracle presumably planned to address them at some point, perhaps in the routine update scheduled for this fall. Leaving critical flaws open for months gives attackers far too much time and leaves customers at a distinct disadvantage.

Security Explorations--the Polish security research firm that raised the alarm over the flaw contained in the new Java patch--says that Oracle has quite a few more unpatched vulnerabilities on its plate: of the vulnerabilities the firm reported to Oracle this year, 25 have yet to be addressed.

You should definitely have some sort of anti-malware or general security tool in place across all of your devices--Windows and Mac PCs, smartphones, and tablets. Security tools can often detect unknown threats by flagging malicious behavior, and security vendors are generally much faster at rolling out detection and blocking for a new threat than the affected vendor is at shipping a patch. That is a stopgap, though, not a substitute: if you don't actually need Java, the surest fix is to remove it.