Security Experts Advise Java Disabling, New Flaw Discovered

By Johnny Wills email: j.wills@mobilenapps.com | Jan 11, 2013 07:59 PM EST

Share This Story

  • Print
  • Email

Security advisers are warning PC users to disable Java on their machines, following detection of another zero-day vulnerability that hackers are actively exploiting to attack computers.

Java is a computer language running on more than 850 million computers worldwide, allowing Web developers to design Web sites and applications accessible on any type of computer.

Follow us

According to a report by ComputerWorld, hackers are actively using the Java exploits to install malicious programs in drive-by download attack on the computers of users who visit infected Web sites.

A French malware researcher, going by the moniker Kafeine, first reported the exploit which was later confirmed by security company AlienVault Labs. In a blog post on Jan. 10, Kafeine said that the latest version of Java is exploited on a Web site receiving "hundreds of thousands of hits daily".

"We can confirm that this is a new vulnerability. We reproduced the exploitation mechanism on Java 1.7 Update 9 and Update 10. Other versions may be vulnerable as well, we're currently analyzing whether other older updates are vulnerable," said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, in an e-mail to ComputerWorld.

Bitdefender researchers traced the attacks back to Jan. 7. However, some other researchers claim that the attacks started on either Jan. 2 or Jan. 3.

Security experts warned that the risk is high as developers of popular exploit toolkits, such as Blackhole Exploit kit and Redkit, have added the exploit. The exploit toolkits are widely used by hackers to exploit flaws.

"Java is a mess. It's not secure. You have to disable it," said Jaime Blasco, Labs Manager with AlienVault Labs.

Many security experts recommended disabling Java on computer machines. Disabling the popular software could make some Web sites and Web applications inaccessible to users. However, no security update is available at the moment and disabling Java seems to the best option, until a patch arrives.

Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

© 2014 Mobile & Apps All rights reserved. Do not reproduce without permission.

Featured Video : Intel Pocket Avatars

Join Our Conversation

Smartphones
Instagram Bolt for AndroidInstagram releases Bolt ephemeral messaging app in select markets to challenge Snapchat
Cortana reaching more markets, Windows Phone 8.1 Update 1 packs neat goodies
LG G Vista to hit Verizon on July 31 as mid-range KitKat phablet for $99.99
Motorola Google Nexus 6 claims bolstered, to launch once Moto is fully under Lenovo
Tablet / Laptop / PC
Dell Venue 7 and Venue 8Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Gadgets
Amazon LogoAmazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC LogoHTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google DowntimeGoogle blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
PayPal iOS appPayPal for iOS update brings loyalty card support, other features and enhancements
Facebook Slingshot now official to challenge Snapchat – What makes it stand out?
Pinterest update brings Guided Search to desktop users (VIDEO)
SwiftKey goes free on Google Play, boasts great new features & improvements
Copyright © 2014 Mobile & Apps All rights reserved. mobilenapps
Real Time Analytics