A new exploit for a previously unknown and unpatched Java vulnerability is being actively used by attackers to infect computers with malware, according to researchers from security firm FireEye.
Oracle wants an appeals court to rule that Google's commercial use of Java in a market where Oracle was already competing was not fair use.
Oracle isn't done releasing patches for Java SE this month, as another batch will arrive on February 19, according to a company blog post.
A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday.
Oracle says Java 7u13 addresses 50 flaws, many of which left systems vulnerable to remote exploits.
Java's new security settings, designed to block "drive-by" browser attacks, can be bypassed by hackers, a researcher announced Sunday.
Beset by some very public vulnerabilities in Java, and apparently unable to properly patch those bugs, Oracle must dramatically step up its security game, experts said.
Researchers from Security Explorations claim to have found two new vulnerabilities in Java 7 Update 11 that can be exploited to bypass the software's security sandbox and execute arbitrary code on computers.
Trend Micro has spotted a piece of malicious software that masquerades as the latest patch for Java, a typically opportunistic move by hackers.
Another previously unpublicized flaw in Java threatens the security of millions of PCs that may still have the application running on it.