Oracle has updated the Java Runtime Environment to patch an exploit that was discovered last Friday. Even after this update, US Homeland Security is still advising people and companies to disable Java for Windows users until further notice.
The vulnerability allows remote attackers to execute code on a PC. The zero day flaw was found immediately online and sites were offering kits as an available download. Anyone could deploy the kits and steal personal information stored on users’ computers when they visited an infected site. Java has has a very poor history with security and the latest exploit is not going to change that.
The United States Computer Emergency Readiness Team (US-Cert) has posted a description of the latest problem for Java.
“A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a “drive-by download” attack). Any web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors. Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available.”
Windows users are at the most risk with their browsers, but Mac OS and Linux users should also take caution against any possible attacks. If users wish to continue using Java they should at least verify they have the latest version by checking on the Java site.
To disable Java in Windows, navigate to Control Panel. Open the Java icon, double click on the Security panel and uncheck the box labelled “enable Java content in the browser.” More detailed instructions can be found from Oracle on the disable section of their site.
Many non technical users ignore security bulletins because they are not aware they use Java or even know what it is. You most likely use Java every day and don’t even know.
Java is a computer language that enables programmers to code software utilizing just a single piece of code that will run on all different types of computers. All different types of computers including both Mac and PC’s, but also game consoles, mobile phones, time clock machines, cars and calculators to just name a few examples.
Java has had a great purpose and is used daily by millions. Its future is up in the air as security flaws have always been a problem, but recently the severity is beyond concerning.
U.S. Government to PC Users: Disable Java
The cybersecurity branch of the Department of Homeland Security is warning computer users to disable Java on their systems due to a software vulnerability.
Disable Java in All Browsers
Quick tutorial on how to use the java console to disable all browser use at the same time. For Java 7 update 10 or newer.
Disable Java in Google Chrome
We know there is some security issue in Java recently. Below is how to disable Java in Google Chrome.
1) Click top right button (mouse over: customize and control Google Chrome)
2) Click Tools-Extensions
3) Click Settings, at the bottom, click “Show Advanced Settings”
4) Click “Content settings” under Privacy
5) Click “Disable individual settings” under Plug-ins
6) Find Java and click disable.
Disable Java in Firefox
We know there is some security issue in Java recently. Below is how to disable Java in Firefox.
1) Go to tools at the top menu of Firefox.
3) Click plugins
4) Find Java and click disable button.