Java Patch Didn’t Fix Everything, New Exploit On Sale For $5,000

Microsoft and Oracle both released patches this week for zero-day exploits found in Internet Explorer 8 and Java. If you still use Internet Explorer 8 or below, you should probably download the fix available via Windows Update. As for Java, you should probably still keep that disabled.

Krebs on Security reports that a hacker has already found a hole in the Java fix that Oracle uploaded this week. This particular hacker relayed the news to others on a private Web forum, and began looking for buyers. Here’s the sales pitch: