Oracle isn't done releasing patches for Java SE this month, as another batch will arrive on February 19, according to a company blog post.
A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday.
Oracle says Java 7u13 addresses 50 flaws, many of which left systems vulnerable to remote exploits.
Java's new security settings, designed to block "drive-by" browser attacks, can be bypassed by hackers, a researcher announced Sunday.
Beset by some very public vulnerabilities in Java, and apparently unable to properly patch those bugs, Oracle must dramatically step up its security game, experts said.
Researchers from Security Explorations claim to have found two new vulnerabilities in Java 7 Update 11 that can be exploited to bypass the software's security sandbox and execute arbitrary code on computers.
Trend Micro has spotted a piece of malicious software that masquerades as the latest patch for Java, a typically opportunistic move by hackers.
Another previously unpublicized flaw in Java threatens the security of millions of PCs that may still have the application running on it.
Oracle has released Java 7 update 11, which addresses a Zero Day flaw that enables intruders to install malware on vulnerable systems. However, users are still advised to reconfigure the software so that Java does not run automatically.
The company says it will release a patch that will fix 86 vulnerabilities in Java 7.