Security Hole in Latest Java lets Attacker Remotely Seize Control, Exploit on Sale for Five Figures

This article explains how Cybercriminals are reportedly selling details of a 0-day security hole in the latest version of Oracle’s Java, specifically the MidiDevice.Info component that handles audio input and output, for five figures. The flaw lets an attacker take control of your system if you are running Java 7 Update 9 or any previous version. It gives the details:  Code execution is very reliable, worked on all 7 versions I tested with Firefox and MSIE on Windows 7, the seller explained in a sales thread on his exploit. It is not clear whether Chrome also is affected. It concludes that users remain the same: regardless what browser you’re using, uninstall Java if you don’t need it. If you do need it, use a separate browser when Java is required, and otherwise disable Java in your default browser.