Oracle fixes critical hole in Java, apparently knew about the issue for months

In a move which security researchers at Security Explorations feel is a positive step by Oracle to protect Java users against critical vulnerabilities, Oracle has issued an emergency update which closes a dangerous security hole in its Java 7 software that hackers have apparently been using to deploy malware.

The recently patched vulnerability in the Java 7 Runtime essentially gave malware writers the ability to push malicious code to PCs as well as Macs, thanks to Java's cross-platform compatibility. Users "caught" the malicious software when they visited infected websites.

When a user opened an infected web page, the malicious code triggered a download, giving hardly any indication that it was doing so, other than a "loading" sign which popped up over a Java icon and then disappeared.

While the urgent update to patch the Java security hole was released by Oracle on Thursday, Security Explorations' researchers claim that Oracle has known about the critical security hole for months, adding that they had informed the company about the issue four months earlier.

Noting that Security Explorations had alerted Oracle about the recently patched vulnerability, along with 30 other vulnerabilities, back in April, Adam Gowdiak, the CEO and founder of the Poland-based research firm, told The Register: "We ... expected that the most serious of them would be fixed by June 2012 Java CPU. But it didn't happen and Oracle left many issues unpatched with plans to address them in the next Java [updates]."