Numerous security experts are warning that all computer users should disable Java on their systems immediately. Earlier this week, researchers discovered a vulnerability in Java that was being actively exploited.
InformationWeek’s Matthew J. Schwartz reported, “Security experts have a message for all businesses: Disable Java now, and keep it disabled. That’s their advice message after the discovery Thursday of yet another zero-day Java vulnerability, as well as a number of attacks that are already exploiting the flaw to run arbitrary code on PCs.”
ZDNet’s Zack Whittaker added, “The U.S. Department of Homeland Security has warned users to disable or uninstall Java software on their computers, amid continuing fears and an escalation in warnings from security experts that hundreds of millions of business and consumer users are vulnerable to a serious flaw…. ‘We are currently unaware of a practical solution to this problem,’ said the DHS’ Computer Emergency Readiness Team (CERT) in a post on its Web site on Thursday evening. ‘This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available.’”
According to The Next Web’s Emil Protalinski, “It appears this flaw was first stumbled upon by a French researcher who goes by the name Kafeine. In a post on his Malware Don’t Need Coffee website, the researcher claimed that the latest version, Java 7 Update 10, was being exploited on a site that receives ‘hundreds of thousands of hits daily’ and concluded that ‘this could be mayhem.’”
The Inquirer’s Lee Bell noted, “To prevent this exploit, Trend Micro recommends that users consider whether they really need Java in their systems. ‘If it is needed, users must use the security feature to disable Java content via the Java Control Panel, that shipped in the latest version of Java 7,’ Trend’s blog post said. ‘If Java content is not needed, users may opt to uninstall Java as it can pose certain security risk.’”