Oracle’s Java software apparently still isn’t fixed, despite numerous warnings about its vulnerabilities and several major patches the Redwood City corporation has issued in response.
On Monday, Security Explorations — the Polish firm that has discovered many of the flaws — reported finding five more vulnerabilities in the widely used Java.
That followed Thursday’s revelation by security firm FireEye that cyber villains are continuing to use Java’s weaknesses to launch “zero-day” attacks, which exploit previously unknown vulnerabilities.
We detected a brand new Java zero-day vulnerability that was used to attack multiple customers,” FireEye reported. “Specifically, we observed successful exploitation against browsers.”