Oracle has released its quarterly patch update, which includes fixes for nearly 200 vulnerabilities. The most notable bug fixed is the Java zero day that s been used in an ongoing attack campaign. At least one of the bugs is being actively exploited in the wild in more than two years. In addition to the 193 patches released yesterday, Oracle also reminded customers to install the patch pushed out in May for the so-called VENOM vulnerability in the QEMU virtual floppy disk controller that’s been reported as actively exploited.
Source: https://threatpost.com/oracle-patches-java-zero-day/113792/