Oracle releases fix for Java zero day exploit

Oracle has released a patch for a major security flaw in Java. The issue, a zero-day flaw, was reportedly being widely exploited by attackers 

Writing on Oracle's Software Security Assurance Blog, Eric Maurice said the fixes include switching Java security settings to High by default.

This, Maurice says, "requires users to expressly authorise the execution of of applets which are either unsigned or self-signed."

If users visit malicious websites, they will be notified before an applet is run and be able to deny execution of a potentially dangerous one. This is in order to stop so called drive-by attacks where users' systems are infected without their knowledge.

Maurice says Oracle recommends that the fixes are applied as soon as possible because the security flaws that were reported to the company in August and September last year are being exploited in the wild. 

According to Oracle, the vulnerabilities affect all versions of Java 7 and not server, desktop apps or embedded variants.

However, the United States National Vulnerability Database advises that versions 4 to 7 are all vulnerable to the security hole.

As a result of the zero-day exploit, both Apple and Mozilla have taken steps to protect their users against attacks.

Mozilla has enabled Click To Play for recent versions of Java, which means the plug-in won't load unless users expressly click to enable it.

Apple meanwhile rolled out a malware definition two days ago that blocks the Java plug-in for OS X, Mac Rumours reports.

Last year Apple OS X users were hard hit by an earlier Java security hole that saw over 600,000 Macs being hijacked and utilised in a botnet.