Security firms are being none too gentle with Oracle's Java following the revelation this week that attackers are using two unpatched Java vulnerabilities
to compromise selected targets. The most common advice: Uninstall the Java plug-in in your browser and don't use services that require the software.
On Monday, security firm FireEye revealed that a customer had been attacked with a previously unknown vulnerability. Yet Oracle already knew about the security issue
and apparently had an update at the ready to be released on its regularly scheduled patch day in October. With reliable exploits for the vulnerabilities rapidly being adopted by security researchers and cyber criminals alike, the company rushed out a fix
for the flaw on Thursday.