Oracle Releases Patch to Address Security Vulnerability in Java 7
Although Oracle was reportedly warned of the issue months ago and apparently did not take significant action to protect users until it became public, the company has now moved quickly to address the problem with today's announcement regarding the release of Java SE 7 Update 7. The release addresses the specific vulnerability disclosed earlier this week as well as several others, and the company has also released Java SE 6 Update 35 to address a separate issue with the earlier version.
If successfully exploited, these vulnerabilities can provide a malicious attacker the ability to plant discretionary binaries onto the compromised system, e.g. the vulnerabilities can be exploited to install malware, including Trojans, onto the targeted system. Note that this malware may in some instances be detected by current antivirus signatures upon its installation.The updated versions of Java are available though Oracle's Java download page.