We're here again, with another exploit to watch out for - this time security researcher Adam Gowdiak has discovered a new zero-day vulnerability in Java. The bug is reported to affect all currently supported versions of Java - Java 5, Java 6 and Java 7 - and could allow attackers to install malware on close to 1 billion systems (going by Oracle's own installation numbers).
The vulnerability affects both Macs and PCs, meaning that any machine running Java is at risk. Right now it doesn't pose much of a threat to the general public, and Gowdiak, who is known for finding similar issues in Java, has said that he isn't currently aware of any active attacks exploiting it.
Gowdiak found the vulnerability last week and spent the following few days testing a proof-of-concept before reporting it to Oracle. Oracle has since confirmed the vulnerability with Gowdiak and said that it will be fixed in a future security update. Oracle hasn't given a date for that update, but the next scheduled one is a while away - October 16.
Gowdiak decided to go public with his discovery, though he hasn't disclosed the technical details of the bug - the hope being that publicity would pressure Oracle into patching it sooner rather than waiting three more weeks. What I don't understand is, with 1 billion users at risk, it is pretty poor of Oracle not to push something out now instead of waiting until October 16. Now that this is being reported on mainstream tech sites, attackers are probably rubbing their hands with glee and hunting for the bug as we speak. Until a fix ships, the sensible precaution is the usual one for Java zero-days: disable or remove the Java browser plugin on any machine that doesn't genuinely need it.