Oracle has released a new version of Java 7, Update 17
. The patch is being released early, Oracle says, to cope with a security hole that is being "actively exploited by attackers to maliciously install the McRat executable onto unsuspecting users' machines." The vulnerability was made public late last week
. It also fixes a second, previously undocumented flaw, believed
to be likewise connected to Java SE's 2D component.
Correspondingly, Apple has posted Snow Leopard
and Lion/Mountain Lion
versions of Java SE 6. In each case, the releases bring Java up to v1.6.0_43.
A Polish security company, Security Explorations, today sent Oracle notice of five more vulnerabilities. Oracle says it has received the report, and is investigating. Numerous new exploits have been discovered in Java since the start of 2013; while Oracle has already switched to an accelerated update schedule, it has been forced to post a collection of emergency updates as well, especially as Apple has been periodically disabling Java in OS X when new problems are found.