A recently discovered zero-day vulnerability in Java had put thousands of computer in imminent danger. The vulnerability had significantly enhanced the success rate of Blackhole kits. Now, Oracle has finally released a patch to fix this vulnerability.
In the past few days, ever since the vulnerability surfaced, security researchers have repeatedly warned about the seriousness of this exploit. Different security firms affirmed that anyone making use of Java on their browsers was vulnerable to being exploited by hackers.
Another discussion that ensued was that Oracle was rather quiet about the whole thing and hadn’t responded officially to it. In fact, a security research firm claimed that it had informed Oracle of this new vulnerability months ago, back in April. But Oracle ignored the warning.
This claim by the firm raised a lot of questions as to why Oracle wouldn’t want to patch a rather critical security vulnerability. The vulnerability has already been used by hackers for thousands of attacks in the past few days, ever since it became publicly known.
The good news, finally, is that Oracle has quietly rolled out a security patch. The security patch was originally scheduled for October but apparently to tackle this current crisis, the company released it earlier. Although the company didn’t directly admit that the vulnerability was known and that it should have been patched earlier, it does cite the risks it can cause and offers a security patch.