According to a report, a Java exploit was being advertised for $5,000 apiece in an underground Internet forum, and the new zero-day vulnerability was apparently already in at least one attacker’s hands.
The thread has since been deleted from the forum, indicating a sale has been made, something sure to bring more concern to Oracle. Oracle can’t predict the future, and its engineers obviously can’t predict what exploits are going to be found in its software.
The most recent hole Java fixed allowed hackers to enter a computer by using compromised websites as the entry point into Java. Once in the system, they could steal any information, or hook up the computer to a botnet, a string of infected computers that can be used to launch attacks against other computers.
The exploit is valuable because it is usable on the most up-to-date version of Java, which could remain vulnerable for weeks, if not months.