Oracle patches widespread Java zero-day bug in three days (Updated)

Earlier this week, a security hole in the latest version of Java was being "massively exploited in the wild." Hackers were turning compromised websites into platforms for installing silent keyloggers or other malicious software. And at the time news broke, even fully patched Java installations were at risk.

Today however, KrebsOnSecurity reporter Brian Krebs is reporting Oracle finally shipped its critical security update. Java 7 Update 11 fixes this sticky situation and it's available both via Oracle’s website and through the Java Control Panel in an active program.

Krebs reports this update changes the way Java handles Web applications. From the company's advisory:

Read 2 remaining paragraphs | Comments