Last week, the United States Computer Emergency Response Team (US-CERT) announced a major vulnerability in the Java environment: computers running Java 7 Update 10 and earlier (basically all Java users) are vulnerable to attacks that execute arbitrary code on the system. Oracle, Java’s maker, swiftly issued a security fix in its latest Update 11 patch. However, the US Department for Homeland Security deemed the fix insufficient and still flawed, and posted a warning on its website urging all US residents to update their devices to Java 7 Update 11 and to disable Java in all browsers unless absolutely necessary.
Some 3 billion devices have Java installed, and Java vulnerabilities are often targeted by hackers. However, the Telegraph reports that government interventions such as the one by Homeland Security are rare. On its website, the department stated that Java 7 Update 10 and earlier versions contain “an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered,” which is why the department recommends that all users disable Java on their devices.
Attacks exploiting Java vulnerabilities are becoming increasingly common, and Java may have overtaken Adobe Flash and Internet Explorer as a hacker’s favourite playground. Fortunately, disabling Java is pretty simple across all platforms. On Windows devices, users simply need to open the Java Control Panel via the search box in the Control Panel, and disable Java in all browsers under the “Security” tab. New Apple computers even ship with Java disabled. To find out more about disabling Java, see Java’s guide.
(Source: The Telegraph)