New Java 7 bug prompts calls for web users to axe plug-in

Computer users ordered to uninstall or disable Java 7 until Oracle patches latest vulnerability.


PC and Mac users must disable Java in their web browsers following the discovery of another zero-day vulnerability that is reportedly being used by hackers to take over people's computers.

The stark warning was made by the US government's Computer Emergency Readiness Team (CERT) yesterday in an alert, which claims that all browsers using the Java 7 plug-in are at risk.

The group warned that the Java Deployment Toolkit plug-in and Java Web Start can also be used by hackers to attack vulnerable systems.


"Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available," the US CERT advisory stated.

The vulnerability is understood to affect the Java Security Manager, allowing applets to grant themselves permission to execute arbitrary code.

"An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet," the alert added.

"An attacker could also compromise a legitimate website and upload a malicious Java applet [known as a 'drive-by download' attack]."

In a further advisory document, the organisation is urging computer users to disable or uninstall Java in their web browsers, and not to access Java applets from unknown sources.

It also claims users could mitigate the risk by using one browser for tasks that require Java.

"If you use a website that requires Java, choose and configure a browser to have Java enabled, and only access that resource with that browser," it stated.

"This helps minimise the exposure of Java to untrusted websites," it added.

Jaime Blasco, head of labs at security vendor AlienVault, said the zero-day vulnerability is similar to the ones that blighted web users last August.

"Everyone running an updated version of Java in Windows and probably in Mac OS X is at risk right now, until Oracle releases a patch," Blasco added.
