By Hawaii 24/7 Staff
The Department of Homeland Scurity is warning computer users about a security vulnerability with Java in web browsers. There is no current fix for this serious security issue.
Computer users should disable Java (not to be confused with Javascript) in their computer browsers due to this security vulnerability.
This affects Windows, Macintosh, Linux and Solaris systems.
Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) (1/10/2013)
A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a “drive-by download” attack).
Any web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors.
Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available.
How to disable Java in the browser:
http://www.java.com/en/download/help/disable_browser.xml
About the threat. http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-7000009713/
UPDATED (1/14/2013)
Oracle has updated Java to Version 7 Update 11 to fix the security issue. You can download the latest version of Java to install at: http://www.java.com/
Leave a Reply