In addition to addressing the Zero Day vulnerability in Sunday's patch, Oracle also boosted Java's security setting to "high" by default. "That means that right now the user has to authorize the execution of Java applets that are not signed with a valid certificate," explained Jaimie Blasco, manager of AlienVault Labs, in an email.
While that move is a great step toward making Java more secure on a browser, Blasco noted, it is far from a panacea for Java's problems.
"In the past, we have seen that the attackers were able to steal a valid certificate to sign malicious code so it won't surprise me if we see this technique being used," he said.
Because Java appears to be riddled with vulnerabilities, Bitdefender's Botezatu recommends Oracle identify the core components of the software and rewrite it from scratch.
No doubt, more than a little rewriting of the software will be done when Oracle releases the next version of Java scheduled for September.