Today, Oracle confirmed a zero-day vulnerability in Java 7 that was discovered earlier this week. The company has told Reuters that a fix will be “available shortly.” However, it gave no timeline for when to expect the fix.
The vulnerability in question allows an attacker to execute code on a victim’s machine and is exploitable in every version of Java 7 up to release 10. The same applies to any open source equivalent normally found on Linux machines. The issue is so widespread that Apple has released an update to block Java usage, and Mozilla has updated Firefox to block it by default as well.
According to The Next Web and Security Explorations, this issue could have been avoided if Oracle had correctly patched an old vulnerability from August 2012. A patch was issued in October 2012, but it did not fully correct the issue.