A term that refers to any number of security exploits in Oracle’s Java software, which has a long history of being vulnerable to security flaws. The most recent Java Security Exploit appeared in early 2013, and affected all versions of Java up to Java 7 Update 10.
This zero-day security vulnerability, referenced as CVE-2013-0422 by the CVE, carried a payload of malware that could result in identity theft as well as rendering the host machine an unauthorized botnet that could then be used in denial-of-service (DoS) attacks against other machines.
Oracle periodically releases software patches developed to address Java security exploits, and it released one as Java 7 Update 11 two days after the most recent vulnerability was discovered. Only days after that patch debuted, a new zero-day Java security exploit was publicized and marketed by crimeware sites for $5,000.
Recommended Reading: Webopedia Study Guides – Java Basics: Variables, Syntax and Conventions and Java Basics Part 2: Operators, Modifiers and Structures.
