A zero-day exploit against the latest version of Java is reportedly up for sale on online cybercrime forums.
The seller had asked for a five-figure sum for the exploit which targeted a vulnerability within the Java Class MidiDevice.Info, Krebsonsecurity reported.
The exploit was reportedly successfully tested against Java 7 Update 9 running on Firefox and Internet Explorer on Windows 7 machines, and would be sold only once.
It was the latest in a string of attacks against Java, considered by many to be a security risk due to its complexity, popularity and that it runs cross-platform.
The recent attacks have spurred security experts to recommend uninstalling Java from web browsers unless it is needed, while Apple last month removed the Java plug-in from Safari.