Oracle has released a new version of Java 7, Update 17. The patch is being released early, Oracle says, to cope with a security hole that is being “actively exploited by attackers to maliciously install the McRat executable onto unsuspecting users’ machines.” The vulnerability was made public late last week. It also fixes a second, previously undocumented flaw, believed to be likewise connected to Java SE’s 2D component.
A Polish security company, Security Explorations, has sent Oracle notice of five more vulnerabilities. Oracle says it has received the report, and is investigating. Numerous new exploits have been discovered in Java since the start of 2013; while Oracle has already switched to an accelerated update schedule, it has been forced to post a collection of emergency updates as well, especially as Apple has been periodically disabling Java in OS X when new problems are found.