Oracle releases "out-of-cycle" security patch to address Java 7 vulnerabilities

In a recent announcement, Oracle said that it has released an "out-of-cycle" security patch to address the Java 7 vulnerabilities that were identified by security researchers and have apparently been “widely exploited” by hackers.

The "out-of-cycle" security patch released by Oracle, Java 7 Update 7, addresses the security issue CVE-2012-4681, along with a couple of other vulnerabilities which affect Java running in web browsers on desktops. However, these vulnerabilities do not apply to Java software running on servers or to standalone Java desktop applications, nor do they affect Oracle server-based software.

The next official release of Java is scheduled for October 16. Oracle otherwise has a four-month patching cycle, and its "out-of-cycle" update has come after a lot of public discussion as well as pressure from the security community, which has been highlighting the severe issues in Java 7.

According to several reports from tech newswires, the Java 7 vulnerabilities were being used in targeted attacks by hackers with the help of the Metasploit tool and the Blackhole exploit kit. The vulnerabilities essentially enabled the hackers to use a customized web page to force computers to download and run malicious software, which does not have to be coded in Java.

Acknowledging the “severity” of the Java 7 vulnerabilities, and the fact that they were being exploited ‘in the wild,’ Oracle said in its Java 7 Update 7 release that it “strongly recommends that customers apply the updates provided by this security alert as soon as possible.”