Java’s miserable 2013 just will not go away. One of the endless parade of bugs found in the platform throughout 2013—many of which were zero-day vulnerabilities exploited in targeted attacks—apparently wasn’t closed off completely by an October 2013 patch released by Oracle. Researchers at Polish security company Security Explorations last week disclosed that Oracle’s patch...

Oracle’s stewardship of Java has been scrutinized by the security community, which in 2013 languished through nearly a full year of targeted attacks exploiting zero days and other vulnerabilities in the platform. Since then, Oracle has improved the Java user experience by denying unsigned applets the ability to execute by default, and putting security restrictions...