- V3 Apps
Oracle and Apple have released an update to address the latest zero-day vulnerability in the Java platform.
The update patches a vulnerability which had been spotted in the wild being targeted for exploits. The remote code execution flaw was being targeted to perform drive-by malware attacks.
Oracle had been notified about the flaw by researchers with security firm FireEye, before publicly disclosing the vulnerability and revealing its active exploit in the wild.
Users running Windows and Linux systems can obtain the security update from Oracle, while OS X users can obtain the fix through Apple's Software Update component. Because the flaw is being targeted in the wild, Oracle is advising users to update their systems as soon as possible.
The company noted that the flaw is only present in client versions of Java. Administrators will not need to update their Java servers to protect against attack.
The update is the latest in a long line of zero-day vulnerabilities and high-profile flaws to be exposed in the Java platform in recent months. According to a 2012 report from Kaspersky Lab, Java is the most popular target for the growingly popular line of automated exploit kits.
As the list of flaws and number of attacks has piled up, vendors have begun advising users and administrators to consider disabling Java altogether. Researchers have noted that for many users, the platform is seldom used.
For users who do require Java, experts have suggested mitigation measures such as keeping a secondary browser on hand for Java applications.