On Sunday, January 13th, Oracle released two patches for Java Security Alert CVE-2013-0422, which included two vulnerabilities. Oracle confirmed that the flaws were only present in Java 7 versions and did not impact Java on servers, Java desktop applications, or embedded Java. Java is used on 3 billion machines, about 2 billion of which are desktop or laptop computers.
In August of last year, Oracle issued an urgent fix to seal a dangerous security flaw within its Java software that had left thousands of computers wide open to malicious attacks from hackers. Now, on the heels of Sunday's patch, there is again a new Java exploit. The new exploit is, however, selling on the black market for $5000. The vulnerability was found less than 24 hours after Oracle released its Sunday patch.
The zero-day exploit was sold to two people through an underground forum. The media and internet attention Oracle has received over Java will assure users that we can expect a patch very soon. I recommend users disable Java in their web browsers until this Java exploit has been once again patched.