Oracle recently published an emergency update for Java, and Apple quickly followed suit for the version of Java it still officially supports.
Paul Ducklin tries to guess where Oracle's Java patch cycle will end up...
A security research team that has alerted Oracle to a series of security flaws in Java in the past says that it has uncovered new zero-day vulnerabilities in the software.
Microsoft joins Facebook and Apple in the list of big companies who have suffered at the hands of malware-bearing hackers.
Shortly after admitting that its own techies got infected thanks to a Java hole, Apple has pushed out a Java update for the rest of us.
Apple, with this most recent update, seems to have washed its hands permanently of browser-based Java. Paul Ducklin explains...
Apple released a statement today acknowledging that they were victims of the same attackers that Facebook talked about last week. A zero-day Java vulnerability was used to infect Apple Mac developers through a drive-by attack.
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.
In The Social Network, the movie version of Zuckerberg could shout, "WE NEVER CRASH!"
I bet the real-life Zuckerberg wishes he could say, "We never get hacked..."
Oracle brought forward its February Patch Tuesday to provide an accelerated fix for some in-the-wild exploits.
But that meant leaving other less vital stuff out, so the pre-empted Patch Tuesday will happen after all, on 19 Feb 2013. Be there!
It's not Tuesday...
Nevertheless, Adobe's Flash Player has been upgraded to patch against two in-the-wild exploits against Windows and Apple users.
"Yet another Java update! Get it while it's hot."
This update was planned for 19 Feb 2013.
But Oracle brought it forward, citing the "active exploitation 'in the wild' of one of the vulnerabilities affecting...desktop browsers".
Apple's thrown in the towel on the Java mess and has, for the second time in two weeks, blocked all versions of Java on OS X 10.6 (Snow Leopard) and later.
Chester talks to Paul Ducklin in Sophos Security Chet Chat Episode 101.
Spend an enjoyable quarter-hour as our duo take on a range of security issues with their usual mixture of insight, expertise, scepticism, advice and occasional outright puzzlement.
If you're installing a critical security update on your computer, caused by the software vendor's sloppy code quality, you probably wouldn't dream that your software vendor is trying to make some money out of the inconvenience.
Only six weeks to go until PWN2OWN 2013, where you can hack the Big Four browsers and the Big Three plugins, and win over half a million dollars.
But is it just about the money?
Paul Ducklin investigates...
Here you go.
All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).
Serial Java fault-finder Adam Gowdiak has embarrassed Oracle yet again.
The Polish researcher is publicly bragging about two brand-new vulnerabilities he's found even since Oracle's most recent patch just a week ago.
Irrepressible cybercrime investigator and reporter Brian Krebs has written about yet another Java zero-day exploit.
This one, it seems, targets an exploitable vulnerability even in Oracle's most recent release, Version 7 Update 11, aka 7u11.