We continue to recommend that users disable the Java program in their Web browsers, because it remains vulnerable to attacks that could result in identity theft and other cyber crimes. Less than 24 hours after Oracle released a security update on Sunday that addresses two critical zero-day vulnerabilities in Java that are being actively exploited by attackers, an online vulnerability seller began offering a brand-new Java bug for sale.
According to a report, a Java exploit was being advertised for $5,000 apiece in an underground Internet forum, and the new zero-day vulnerability was apparently already in at least one attacker's hands.
The thread has since been deleted from the forum, indicating a sale has been made, something sure to bring more concern to Oracle. Oracle can’t predict the future, and its engineers obviously can’t predict what exploits are going to be found in its software.
The most recent hole fixed in Java allowed hackers to enter a computer by using compromised websites as the entry point into Java. Once in the system, they could steal any information, or hook up the computer to a botnet, a string of infected computers that can be used to launch attacks against other computers.
The exploit is valuable because not only is it usable on the most up-to-date version of Java, which could remain vulnerable for weeks, if not months.