Java Flaw: Web Users Vulnerable to Attack

Internet users are now being warned about a new zero-day security vulnerability in Java software that could allow a hacker to gain unauthorized access to their computers.

The vulnerability is related to a recently-discovered flaw in the popular Java software system, which is used all over the web to create a great many applications and associated plug-ins.

Security experts say even fully-updated installations of Java are vulnerable to this new round of attacks. Only by completely disabling the Java browser plug-in can Internet users be sure their computers are safe from hackers attempting to exploit the flaw.

Hackers Exploit Java Flaw to Gain Remote Access

To take advantage of this vulnerability, a hacker must convince a user to visit a website containing specific, malicious code, which can then insert the malware into the innocent users' computer. Users should be wary of clicking on unknown links on websites, in emails, or within instant messaging systems.

Reports indicate that hackers are actively attacking the flaw by deploying special automated exploit kits. (Source: cnet.com)

"This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available," noted the United States Computer Emergency Readiness Team (US-CERT). (Source: cert.org)

AlienVault Labs security expert Jamie Blasco says the number of attacks using these exploit kits will greatly increase in the coming week or so.

"The Java file is highly obfuscated but based on the quick analysis we did the exploit is probably bypassing certain security checks, tricking the permissions of certain Java classes," Blasco noted in a recent blog post. (Source: crn.com)

Oracle: No Fix Available

Oracle, which produces Java software, has yet to issue a repair for the newly discovered flaw. In view of the danger, many security experts are insisting that Internet users completely disable Java on their computers until an official fix is available to the public.

To disable Java in Microsoft's Internet Explorer, open the browser and type ALT + T to activate the Tools menu. From there, select 'Manage Plugins.'

Next, choose 'All items' from the drop-down menu and then disable the Java plug-in.

Security firm Sophos has posted a guide for disabling Java in other Internet browsers, including Firefox, Chrome, Opera, and Safari. To access the guide, click here.