Oracle releases Java 0-day vulnerability security patch

Yesterday we highlighted the Java 7 0-day vulnerability (CVE-2012-4681) that necessitated immediate attention by disabling the Java plug-in. Oracle has now addressed this vulnerability by releasing a security patch that users should install on an immediate basis.

In the past, Oracle has only released updates once every 4 months. Hence it was expected that this specific update would only be available to users by October. By breaking this update cycle Oracle has acknowledged the seriousness of this vulnerability and the risks involved.

We advise everyone to immediately install this update as the number of related attacks have increased considerably. There are several websites that have already been compromised and can potentially launch malicious Java applets to infect visiting machines.

The Oracle security update can be downloaded by visiting this link. The update patches this particular 0-day vulnerability and also addresses 2 other minor vulnerabilities. Here is an image of the screen one will see and the option to select.