2012 was not a good year for Oracle. After losing a major lawsuit against Google, the company had to deal with a dangerous zero-day exploit that was found in Java. It fixed the problem, but a new exploit is always around the corner.
Originally spotted in the wild by @kafeine, other security research teams, including AlienVault Labs, have confirmed that a new zero day exploit has been found in Java. This particular exploit looks like it can hijack your PC into executing malicious code. It seems that one group is even using the exploit to install ransomware on affected PCs.
So, what can you do to protect yourself from this particular exploit? The easiest solution is to just disable Java in your browser. Since it seems to affect all browsers and all operating systems, there's really not much else you can do.
The good news is that Oracle is already working on a fix. According to @kafeine, Oracle has already assigned a security ticket to the exploit. While that's nice and all, there's still no word on how long it's going to take to patch. Oracle could even wait until its next Patch Tuesday to issue the fix leaving millions of PCs in limbo until then.
Despite the severity of the exploit, it's not that surprising. In a report from AVG earlier this month, the security company said that Java would remain the most exploited software on PCs. It's unfortunate that the report has already proven itself accurate so soon in the new year, but perhaps this will push Oracle to stay one step ahead of hackers that look for these exploits.[h/t: Sydney Morning Herald]