“A new zero-day vulnerability has been discovered in all currently-supported versions of Oracle’s Java software, potentially allowing attackers to install malware on around 1 billion Macs and PCs,” Louis Goddard reports for The Verge.

“Announced on the Full Disclosure mailing list by security researcher Adam Gowdiak yesterday, the bug is present in Java 5, Java 6, and Java 7 — as Computerworld points out, it is particularly significant for users of versions of Mac OS X up to and including Snow Leopard 10.6, which come bundled with the software,” Goddard reports. “The 1 billion figure is taken from installation statistics provided by Oracle.”

Read more in the full article here.

Gregg Keizer reports for Computerworld, “Snow Leopard was the last edition where Apple bundled Java with the operating system”

“While Gowdiak said that he found the new Java bug last week — and took the weekend to create and test a proof-of-concept exploit — he only reported it to Oracle on Tuesday. In a follow-up email to Computerworld, Gowdiak said, ‘We just received confirmation of the issue from Oracle,'” Keizer reports. “The company also told him that the bug will be patched in a future Java security update, but that it did not name which. The next on Oracle’s quarterly schedule will ship Oct. 16.”

Read more in the full article here.