Submission + - Zero-day vulnerability found in Java 7 (fireeye.com)
yppasswd writes: A zero day vulnerability (CVE-1012-4681) was found in JRE 1.7, affecting the Java browser plugin and allowing the attacker to circumvent the plugin sandbox and take control of the machine. According to researchers the vulnerability is, actually, split in two distinct bugs and exploits against the bug are already circulating in the wild. As of writing, Oracle hasn't provided a fix yet, so the best bet for now seems to be either disabling Java in your browser or reverting to 1.6.x which should not be affected.