Oracle has released an urgent fix for the zero-day flaws that plagued its Java software platform.
The business software giant explained that the update patches four vulnerabilities, including zero-day vulnerabilities that attackers have been actively exploiting off the radar.
Oracle strongly recommends that web administrators and users download the update to their computer systems and immediately repair the flaws in Java 6 and Java 7.
The company said that the vulnerabilities could give remote attackers access to compromised systems, allowing them to execute code on targeted systems.
Oracle added that standalone Java apps and server installations are safe from the attack.
Intended for an earlier release, the fix is an out-of-band security update – a release generally published when zero-day flaws in a particular area of software are being actively targeted.
Security analysts criticized Oracle for its slow handling of the longstanding issue, claiming the company had found the flaw but remained tight-lipped for months without offering a fix.
Companies whose systems do not depend on Java should limit their exposure to the flaws by disabling the component, said Sophos security consultant Chester Wisniewski.
“The bigger question is, ‘Do you really need Java?’ If you can get by without it, you should,” Wisniewski wrote in a company blog post.
“That is true for any application that interfaces with the internet. Fewer programs means fewer vulnerabilities.”