Johnny Wills email: j.wills@mobilenapps.com
Security advisers are warning PC users to disable Java on their machines, following detection of another zero-day vulnerability that hackers are actively exploiting to attack computers.
Java is a computer language running on more than 850 million computers worldwide, allowing Web developers to design Web sites and applications accessible on any type of computer.
According to a report by ComputerWorld, hackers are actively using the Java exploits to install malicious programs in drive-by download attack on the computers of users who visit infected Web sites.
A French malware researcher, going by the moniker Kafeine, first reported the exploit which was later confirmed by security company AlienVault Labs. In a blog post on Jan. 10, Kafeine said that the latest version of Java is exploited on a Web site receiving "hundreds of thousands of hits daily".
"We can confirm that this is a new vulnerability. We reproduced the exploitation mechanism on Java 1.7 Update 9 and Update 10. Other versions may be vulnerable as well, we're currently analyzing whether other older updates are vulnerable," said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, in an e-mail to ComputerWorld.
Bitdefender researchers traced the attacks back to Jan. 7. However, some other researchers claim that the attacks started on either Jan. 2 or Jan. 3.
Security experts warned that the risk is high as developers of popular exploit toolkits, such as Blackhole Exploit kit and Redkit, have added the exploit. The exploit toolkits are widely used by hackers to exploit flaws.
"Java is a mess. It's not secure. You have to disable it," said Jaime Blasco, Labs Manager with AlienVault Labs.
Many security experts recommended disabling Java on computer machines. Disabling the popular software could make some Web sites and Web applications inaccessible to users. However, no security update is available at the moment and disabling Java seems to the best option, until a patch arrives.
most read
more stories from OS / Software
Microsoft has reportedly started talks with HTC to add its Windows OS to the phone maker's Android smartphones and HTC is apparently considering to make a Windows Phone/Android dual-booting smartphone.
ernest hamiltonA bug in Chrome for iOS 7 has caused Google's mobile browser to leak private searches made in 'Incognito' mode.
ernest hamiltonHTC has announced that Sprint has already started to roll out the Android 4.3 update to the HTC One, AT&T and T-Mobile will follow in mid-October, while Verizon will release it by the end of the month.
ernest hamiltonThe new Windows 8.1 has gone up for pre-order on the Microsoft Store, ahead of the official launch on Oct. 18.
ernest hamiltonApple has acknowledged the iOS 7 iMessage issue and promised to provide a fix in an upcoming software update.
ernest hamiltonSamsung Canada and French carrier SFR have confirmed the Android 4.3 Jelly Bean rollout schedule for the Samsung Galaxy S4, Galaxy S3 and Galaxy Note 2.
ernest hamiltonThe unlocked, international HTC One is getting Android 4.3 Jelly Bean now, but the U.S. and Canadian versions will 'slightly miss' the end-September timeframe.
ernest hamiltonThe Samsung Galaxy S4, Galaxy S3 and Galaxy Note 2 are reportedly slated to get Android 4.3 Jelly Bean in the fourth quarter, by year-end.
ernest hamilton