Java zero day vulnerability

Java 7u11 Update Addresses Only One of Two Zero-Day Vulnerabilities

Microsoft can take some solace that it is not alone in sending out security updates that don’t fully address a zero-day vulnerability. A researcher at Immunity Inc., put Oracle on a similar hot seat this week when he reported that a recent out-of-band Java update repaired only one of two Java flaws being actively exploited.

Oracle Leaves Fix for Java SE Zero Day Until February Patch Update

Oracle will not patch a critical sandbox escape vulnerability in Java SE versions 5, 6 and 7 until its February Critical Patch Update, according to the researcher who discovered the flaw. Adam Gowdiak of Polish security firm Security Explorations told Threatpost via email that Oracle said it was deep into testing of another Java patch for the October CPU released yesterday and that it was too late to include the sandbox fix.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.