Yahoo! has updated the four-year-old Java package it bundled with the SiteBuilder application that contained hundreds of vulnerabilities.
The company targeted the SiteBuilder web site application at small businesses which would be exposed to a litany of dangerous remote attacks if they installed the Java package and then declined automatic updates for the product.
Java vulnerabilities are found in many exploit kits and underpin scores of attacks. So bad are the security risks that users are advised to disable the product if possible.
|Get the latest on Java risks and updates.|
Yahoo! had shipped Java 6 version seven, krebsonsecurity reported, which Adobe released in early 2008.
The latest update, version 39, was shipped earlier this month and alone corrected 50 security flaws from the previous version.
SiteBuilder now bundles the latest Java offering, SC has found.
Yahoo! will update the Java package to version 7 at the end of the month at which time support for version 6 will end.