Two more zero-day vulnerabilities in Java, seemingly

[McLovin]

Oracle’s most famous program might be Java, but it has its fair share of vulnerabilities, and the past few weeks seems to have brought a lot of them to the forefront. Java 7 seemingly slips up again, with two potential vulnerabilities found.

A Polish security firm has reported not one, but two new zero-day vulnerabilities, which they call “Issue 54” and “Issue 55”. Oracle is investigating both reports of weaknesses in Java 7, but at present has not confirmed anything. Various security experts have made the suggestion to disable Java’s browser plugin in the past, and it isn't exactly a bad idea.

Read more.

 

[Gnosis]

We need a way to have Java added onto AV's instead of browsers. Maybe then Java would not be such a pain in the rear.
What I mean is; if it is going to constantly be exploited, it might as well be attached to security software in ways that a realtime AV can make the constant exploits much less of a nuisance or anxiety--maybe in Avast's auto-sandbox, or something.