Oracle Knew of Latest Java 0-Day Security Hole In August

An anonymous reader writes "After news broke on Thursday that a new Java 0-day vulnerability had been discovered, and was already being included in multiple popular exploit kits, two new important tidbits have come in on Friday. Firstly, this whole fiasco could have been avoided if Oracle had properly patched a previous vulnerability. Furthermore, not only is the vulnerability being exploited in the wild, but it is being used to push ransomware." Meanwhile, writes reader Beeftopia, the U.S. Department of Homeland Security is getting in on the action, and "has warned users to disable or uninstall Java software on their computers, amid continuing fears and an escalation in warnings from security experts that hundreds of millions of business and consumer users are vulnerable to a serious flaw."

Re:Burned

[aled]

the latest java updates have a feature to disable the Java Plugin. From the original article:
"As several readers have noted, Java 7 Update 10 ships with a feature that makes it far simpler to unplug Java from the browser than in previous. Oracle’s instructions for using that feature are here, and the folks at DHS’s U.S.-CERT are now recommending this method as well."

It amazes me how many people confuses the java runtime, sdk and the java pluging (that is the component that executes applets in browsers).