Security agency recommends disabling Java, due to exploit

Internet users should consider disabling Java in their browsers because of an exploit that can allow remote attackers to execute code on a vulnerable system, the U.S. Computer Emergency Readiness Team (US-CERT) recommended late Thursday.

Security researchers reported this week that cybercriminals were using a zero-day vulnerability in Java to attack computer systems. Attackers were using the vulnerability to stealthily install malware on the computers of users who visit compromised websites, researchers said.

The US-CERT security warning said the agency is "unaware of a practical solution to this problem."

Instead, US-CERT recommended Internet users disable Java in browsers. US-CERT is part of the U.S. Department of Homeland Security.

The problem can allow an untrusted Java applet to escalate its privileges, without requiring code signing. Oracle Java 7 update 10 and earlier are affected, US-CERT said.

"This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits," US-CERT added. "Exploit code for this vulnerability is also publicly available."

Two spokeswomen for Oracle, the company that distributes Java, weren't immediately available for comment.

Sorin Mustaca, a security expert for security vendor Avira wrote a blog post Friday on how to deactivate Java in browsers.

Related:
Shop ▾
arrow up Amazon Shop buttons are programmatically attached to all reviews, regardless of products' final review scores. Our parent company, IDG, receives advertisement revenue for shopping activity generated by the links. Because the buttons are attached programmatically, they should not be interpreted as editorial endorsements.

Subscribe to the Help Desk Newsletter

Comments