Oracle has released an emergency Java security update to fix a critical vulnerability that could allow attackers to compromise computers when they visit specially crafted websites.
The company has assigned CVE-2016-0636 as the identifier for the vulnerability, which suggests that it is a new flaw discovered this year — but that’s not really the case.
Polish security firm Security Explorations confirmed via email that the new Java update actually fixes a broken patch for a vulnerability that was originally reported to Oracle by the company in 2013.