In a big fat blog post, Oracle has promised to work harder to make Java more secure. But given the flood of high-profile, heavily-exploited vulnerabilities that have bobbed to the surface, can Oracle save this piece of software from drowning in bad vibes?
Just last week you were congratulating yourself for patching your computer against a Java security hole.
Now another zero-day unpatched vulnerability has been found in Oracle's widely used software.
The security-beleaguered Java ecosystem usually gets updates just once every four months, in February, June and October.
But this year, Oracle has adapted that schedule a number of times, and this is one of them...
PWN2OWN 2013 finished off today.
A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...
Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers at PWN2OWN 2013.
Java fell three times today; Adobe's Flash and Reader meet their attackers tomorrow...
Oracle recently published an emergency update for Java, and Apple quickly followed suit for the version of Java it still officially supports.
Paul Ducklin tries to guess where Oracle's Java patch cycle will end up...
Have your joined thousands of others, and become a loyal listener to the "Chet Chat" yet?
Here's the latest Naked Security podcast, Sophos Security Chet Chat 103, discussing a range of recent and newsworthy topics from the world of computer security.
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.
Oracle brought forward its February Patch Tuesday to provide an accelerated fix for some in-the-wild exploits.
But that meant leaving other less vital stuff out, so the pre-empted Patch Tuesday will happen after all, on 19 Feb 2013. Be there!
"Yet another Java update! Get it while it's hot."
This update was planned for 19 Feb 2013.
But Oracle brought it forward, citing the "active exploitation 'in the wild' of one of the vulnerabilities affecting...desktop browsers".
Apple's thrown in the towel on the Java mess and has, for the second time in two weeks, blocked all versions of Java on OS X 10.6 (Snow Leopard) and later.
If you're installing a critical security update on your computer, caused by the software vendor's sloppy code quality, you probably wouldn't dream that your software vendor is trying to make some money out of the inconvenience.
Serial Java fault-finder Adam Gowdiak has embarrassed Oracle yet again.
The Polish researcher is publicly bragging about two brand-new vulnerabilities he's found even since Oracle's most recent patch just a week ago.
Irrepressible cybercrime investigator and reporter Brian Krebs has written about yet another Java zero-day exploit.
This one, it seems, targets an exploitable vulnerability even in Oracle's most recent release, Version 7 Update 11, aka 7u11.
After the recent discovery of a zero-day vulnerability in Oracle's Java Web Start plugin Apple and Mozilla are now disabling Java by default until fixes are made available.
Last week Oracle released Java 7 update 10 to the world without fixing a single vulnerability. That doesn't mean there aren't serious security improvements though. New settings could make Java users much safer from here forward.
A new round of spams proclaims you have been charged for a large purchase from Apple.
All links lead to webpages infected with the Blackhole exploit kit. Be cautious with your online shopping this holiday season.
Naked Security's Paul Ducklin talks to the Risky Business podcast about Oracle's patching schedule, lawsuits against Sony after the PlayStation Network breach and how a mathematician unpicked Google's DKIM verifier.