Security Experts Advise Java Disabling, New Flaw Discovered
Security advisers are warning PC users to disable Java on their machines, following detection of another zero-day vulnerability that hackers are actively exploiting to attack computers.
Java is a computer language running on more than 850 million computers worldwide, allowing Web developers to design Web sites and applications accessible on any type of computer.
According to a report by ComputerWorld, hackers are actively using the Java exploit to install malicious programs in drive-by download attacks on the computers of users who visit infected Web sites.
A French malware researcher, going by the moniker Kafeine, first reported the exploit, which was later confirmed by security company AlienVault Labs. In a blog post on Jan. 10, Kafeine said that the latest version of Java was being exploited on a Web site receiving "hundreds of thousands of hits daily."
"We can confirm that this is a new vulnerability. We reproduced the exploitation mechanism on Java 1.7 Update 9 and Update 10. Other versions may be vulnerable as well, we're currently analyzing whether other older updates are vulnerable," said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, in an e-mail to ComputerWorld.
Bitdefender researchers traced the attacks back to Jan. 7. However, some other researchers claim that the attacks started on either Jan. 2 or Jan. 3.
Security experts warned that the risk is high because developers of popular exploit toolkits, such as the Blackhole Exploit Kit and Redkit, have added the exploit. These toolkits are widely used by hackers to exploit flaws.
"Java is a mess. It's not secure. You have to disable it," said Jaime Blasco, Labs Manager with AlienVault Labs.
Many security experts recommended disabling Java on computers. Disabling the popular software could make some Web sites and Web applications inaccessible to users. However, no security update is available at the moment, and disabling Java seems to be the best option until a patch arrives.