Oracle must dramatically step up its security game, experts say. Experts urge the company to adopt more rigorous development practices. The latest “zero-day” vulnerability in Java’s browser plug-in is being exploited by crimeware kits. Oracle patched the bug on Jan. 13, but researchers quickly pointed out that the patch itself was flawed. The U.S. Computer Emergency Readiness Team (US-CERT) continues to urge users to disable Java in their browsers. Oracle’s three-times-a-year Java patch release cycle “does not really protect the security and privacy of Java users,” expert says.”]
Source: https://www.csoonline.com/article/2132778/experts-prod-oracle-to-fix-broken-java-security.html