Security researchers have called on Oracle Java 6 users to upgrade to Java 7 as soon as possible to avoid falling victim to active network attacks.
Timo Hirvonen, a senior analyst at F-Secure, issued a warning on Twitter this weekend about a Java 6 vulnerability tracked as CVE-2013-2463.
PoC for CVE-2013-2463 was released last week, now it's exploited in the wild. No patch for jre6... Uninstall or upgrade to JRE7 update 25.
-Timo Hirvonen (@TimoHirvonen) August 26, 2013
Oracle fixed CVE-2013-2463 in the Critical Patch Update for Java 7 released in June 2013. Java 6 has the same flaw, but Java 6 will not be updated after April 2013, so there is no patch for Java 6.
Qualys, a cloud security provider, describes it as an implicit zero-day vulnerability that may be widely exploited.
A large number of users, more than 50%, are still using Java 6!