Computerworld: Oracle has released an out-of-band update for Java that addresses a zero-day vulnerability. Earlier this week, researchers went public with news of ongoing attacks that exploited the bug, leading some to recommend that organizations disable Java on their networks. However, security experts from Rapid7 and other firms have confirmed that the update is effective against those attacks. "It appears that it's effective in blocking the exploit," said Rapid7's Tod Beardsley.
Adam Gowdiak, the founder and CEO of Polish security firm Security Explorations, said that he had informed Oracle of the vulnerability in April of this year. He "was glad" that Oracle didn't delay the release of the patch until October, it's next scheduled update for Java. "We hope that out-of-band patches will become more common and will be used whenever a need arises to protect users of Oracle software," he added.