Oracle has issued a fix for the zero-day vulnerability in Java that recently got added to the widespread Blackhole exploit tool. The company rarely deviates from its three-month update cycle, but clearly felt the problem was pressing enough to expedite the patch. The security flaw could have let malware slip through when users visited certain webpages.

The manner in which it has been released on Java.com makes no mention of the urgency, though; the patch is simply called Recommended Version 7 Update 7, and there's no accompanying text to inform users of why they might want to update. There are, however, release notes and a security alert on Oracle's own site.

While it's good to see a solution to the issue, the revelation that Oracle was notified of the vulnerability over four months ago by Polish firm Security Explorations raises some pressing questions over the software giant's efficiency.