The Internet is still buzzing (like this: http://www.facebook.com/photo.php?fbid=10151133269844183&set=p.10151133269844183&type=1&relevant_count=1) with the echoes of Oracle's recent fail-streak. If you have no idea what has happened recently, you can check some details here: https://www.computerworld.com/s/article/9230812/Researchers_find_critical_vulnerability_in_Java_7_patch_hours_after_release
Short version for the lazy:
- In April 2012, a severe vulnerability was found in Java 7 and reported to Oracle.
- It took Oracle several months to release the fix - they did it just a few days ago, when they realized that exploits were already gaining worldwide "popularity" on the Internet (first released somewhere in China).
- Unfortunately, even though the fix really did solve the original issue, it opened another severe vulnerability, which was detected on the very same day the patch was released!
- How can my computer get infected? A few conditions have to be met:
  - A faulty version of the JVM is installed
  - The Java plug-in is enabled in the browser
  - You open a malicious page in the browser (and there are more of them every day)
You can check whether your computer is vulnerable to these exploits by visiting the following website: http://www.isjavaexploitable.com/. According to an unofficial calculation based on unconfirmed Oracle data, as many as 1 billion (YES - 1_000_000_000!) computers may be vulnerable.
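If you would rather check the installed JVM offline than rely on a third-party website, the script below (an added example, not code from the original post) parses the first line of `java -version` output and compares the update level against the update level of the patched release. The update number of the fixed release is an assumption in this example and should be confirmed against Oracle's advisory; the sample version strings are constructed for illustration. Note that it only covers the first of the three conditions above: it says nothing about whether the browser plug-in is enabled.

```python
import re
import subprocess
from typing import Optional, Tuple

# Matches the first line of `java -version` output, for example
#   java version "1.7.0_06"
#   openjdk version "11.0.2" 2019-01-15
VERSION_RE = re.compile(r'^(?:java|openjdk) version "([^"]+)"', re.MULTILINE)

# Assumption for this example: update level of the patched Java 7 release.
# Confirm the number against the vendor advisory before relying on it.
FIXED_MAJOR = 7
FIXED_UPDATE = 7


def parse_java_version(output: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) parsed from `java -version` text, or None if unparsable.

    Legacy strings look like 1.7.0_06 (major 7, update 6); Java 9+ strings look
    like 11.0.2 (major 11, update 2). Build suffixes such as -b24 or -ea are ignored.
    """
    m = VERSION_RE.search(output)
    if not m:
        return None
    version = m.group(1).split("-")[0]  # drop -b24 / -ea style suffixes
    parts = version.split(".")
    if version.startswith("1."):  # legacy scheme: 1.<major>.0_<update>
        major = int(parts[1])
        update = 0
        if len(parts) > 2 and "_" in parts[2]:
            update = int(parts[2].split("_")[1])
        return major, update
    # modern scheme: <major>.<minor>.<update>
    major = int(parts[0])
    update = int(parts[2]) if len(parts) > 2 else 0
    return major, update


def is_vulnerable(output: str, fixed_major: int = FIXED_MAJOR,
                  fixed_update: int = FIXED_UPDATE) -> Optional[bool]:
    """True if the JVM is on the affected major line but older than the fixed update.

    Other major lines are reported as False (not covered by this particular fix);
    an unparsable string yields None so the caller can treat "unknown" separately.
    """
    parsed = parse_java_version(output)
    if parsed is None:
        return None
    major, update = parsed
    return major == fixed_major and update < fixed_update


def installed_java_version_text() -> Optional[str]:
    """Run `java -version` (which prints to stderr) and return its text, or None if java is not on PATH."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True, timeout=15)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return proc.stderr or proc.stdout


if __name__ == "__main__":
    # Constructed sample: an unpatched Java 7 banner as `java -version` would print it.
    sample = 'java version "1.7.0_06"\nJava(TM) SE Runtime Environment (build 1.7.0_06-b24)\n'
    print("sample banner vulnerable:", is_vulnerable(sample))

    live = installed_java_version_text()
    if live is None:
        print("no java on PATH - condition 1 is not met on this machine")
    else:
        verdict = is_vulnerable(live)
        print("installed JVM:", parse_java_version(live), "vulnerable:", verdict)
```

A `None` verdict means the banner could not be parsed (for example a vendor JVM with a different first line), so treat it as "check by hand" rather than "safe". Even when the JVM is current, keep the browser plug-in disabled unless you actually need it, since that removes the second condition entirely.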
Obviously such situations happen and will keep happening in the future. There are no perfectly safe solutions and no bug-free software, so this happens to every vendor - but the carelessness Oracle showed during all those months is very disturbing.