Java 7 was released in 2011. Oracle said installing its “Update 11” will fix the problem.
Security experts said that special code to take advantage of the weakness is being sold on the black market through so-called “Web exploit packs” to Internet abusers, who can use it to steal credit card data or personal information, or cause other harm.
The packs make complex hacker codes available to relative amateurs. This particular flaw even enables hackers to compromise legitimate websites by taking over ad networks. The result: users are redirected to malicious sites where damaging software can be loaded onto their computers.
The sale of the packs means malware exploiting the security gap is “going to be spread across the Internet very quickly,” said Liam O'Murchu, a researcher with Symantec Corp. “If you have the opportunity to turn it off, you should.”