The latest version of Java – Version 7 Update 6 – has several vulnerabilities, and for one of them a proof-of-concept exploit has been released in the wild. Rapid7, owners of the Metasploit Framework, already have a working module that exploits the vulnerability.
It seems that Oracle has known of the vulnerabilities since April of this year and, as of today, they remain unpatched. Many developers believe that Oracle has not been friendly to software projects inherited from Sun, such as Java, MySQL and OpenOffice, and this is one more piece of evidence for that view. We would not be surprised if that were true, since Oracle acquired Sun for its hardware business.
We suggest disabling Java in your browsers until the vulnerabilities are patched, and enabling it only on trusted, signed sites. Mozilla Firefox’s latest update already blocks the unsafe versions of the Java plugin by default.
Be safe out there.
Update: Oracle has fixed the critical vulnerabilities. We recommend that you apply the patch as soon as possible. You can read more about the fix here.
It doesn’t appear that all the vulnerabilities identified by researchers have been addressed, and we hope that those fixes will be forthcoming before the next proof-of-concept exploit is released.