The “new” vulnerability isn’t even new either. According to Security Explorations, the new problem is related to one that was sent to Oracle back in April of this year. The difference is that so far there are no examples of this flaw in the wild. Many in the industry are very frustrated with Oracle right now. They did the right thing by pushing out a patch out of cycle, but by not including fixes for all of the issues that are outstanding in their Java software, they are still leaving users exposed.
After Oracle bought Java, many felt that the powerful, widely used software would be neglected by Oracle (some even felt the acquisition was more for legal positioning than anything else). For the most part they have been accurate. We have watched as Oracle has let Java slip in terms of security and performance. It has to be said that Java was never the most secure plug-in out there, but with some work it could have been brought up to par and even improved on. For now you might still want to be careful with the Java plug-in enabled in your web browser, and site owners might want to look into other options for some of the background functionality that makes sites fast. It is possible that with Java falling behind, Flash moving to Air, and Microsoft ditching Silverlight, we might all end up running HTML 5 much sooner than we thought. Of course, the big problem there is that HTML 5 still has a listing of over 50 major security flaws, so it almost looks like there is no best option for web browsing these days.