Serious Security Flaw Leaves Computers Open to Malware
UPDATE: Oracle has announced this evening that they have just issued an emergency patch:
Via CNet.com: Oracle released an emergency software update today to fix a security vulnerability in its Java software that could allow attackers to break into computers. The update, which is available on Oracle's Web site, fixes a critical vulnerability in Oracle's Java 7 that could allow a remote, unauthenticated attacker to execute arbitrary code. The attack can be induced if someone visits a Web site that's been set up with malicious code to take advantage of the hole. Read the entire update HERE.
* * * * *
The U.S. Department of Homeland Security is advising people to temporarily disable the Java software on their computers to avoid potential hacking attacks. The recommendation came in an advisory issued late Thursday, following up on concerns raised by computer security experts.
Experts believe hackers have found a flaw in Java's coding that creates an opening for criminal activity and other high-tech mischief. The warning is being issued through home government agencies in all civilized countries in the world.
Michael Winter in USA Today explains further (in language that we digital dunces can understand):
The flaw in Java 7 "can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system," according to a warning posted Thursday by the U.S. Computer Emergency Response Team (CERT). Hundreds of millions of consumers and businesses may be affected.
Hackers could exploit the flaw to install malicious software or malware that could make users vulnerable to identity theft or allow their computers to be exploited by "botnets" that could crash networks or be used to attack web sites.
"Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability," the warning adds.
The complete CERT warning with more details and references can be VIEWED HERE.
So far there is no practical solution to fix this flaw. ALSO NOTE: It is recommended that you uninstall Java rather than disable it. CERT says that they have encountered situations where Java will crash if it has been disabled in the web browser as described above and then subsequently re-enabled. Reinstalling Java appears to correct this situation.
CLICK HERE for instructions on how to uninstall Java from your Windows computer. This issue affects not only the Java 7 plug-in, but all versions from 4 through 7. According to Apple, they have already remotely disabled Java on all Macs that had it installed.