Security firms are being none too gentle with Oracle's Java following the revelation this week that
attackers are using two unpatched Java vulnerabilities to compromise selected targets. The most common advice: Uninstall the Java plug-in in your browser and don't use services that require the software.
On Monday, security firm FireEye revealed that a customer had been attacked with a previously unknown vulnerability. Yet
Oracle already knew about the security issue and apparently had an update at the ready to be released on its regularly scheduled patch day in October. With reliable exploits for the vulnerabilities rapidly being adopted by security researchers and cyber criminals alike, the company
rushed out a fix for the flaw on Thursday.
