Disable Java: Your Computer Is Under Threat

By Shailesh Shrivastava email: s.shrivastava@mobilenapps.com | Jan 12, 2013 05:28 AM EST


Java is once again under security threat because of a recent zero-day exploit, and many voices, including the Department of Homeland Security, are shouting "Disable Java."

According to an advisory issued by the Department of Homeland Security, "a vulnerability in Java's Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a 'drive-by download' attack)."


Any system using Oracle Java 7 (1.7, 1.7.0), including Java Platform Standard Edition 7, Java SE Development Kit and Java SE Runtime Environment, is vulnerable because of the bug.

Any Web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors. Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available, the department added in the advisory.

Writing about the zero-day exploit, Kurt Baumgartner, a Kaspersky Lab expert, posted on his blog: "There appears to be multiple ad networks redirecting to Blackhole sites, amplifying the mass exploitation problem. We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java 0day. These sites include weather sites, news sites, and of course, adult sites."

Baumgartner also listed some of the files being delivered to vulnerable systems.

Stretch.jar, Edit.jar and UTTER-OFFEND.JAR are among the many files the attackers are delivering to victim systems.

According to a report from Mercury News, Oracle will release a fix on Jan 15 that will contain 86 new security vulnerability fixes. Oracle, which manages the Java software, also asked Java users to update the software as soon as the fix is released.

For now, as a precautionary measure, the Department of Homeland Security and other experts have recommended that users disable Java in their Web browsers.

If you are finding it difficult to disable Java in your browser, you can refer to this guide.

Apple has already, in a swift move, disabled the Java 7 plug-in on its computers.

Apple did this by updating its "Xprotect.plist" blacklist to require, at minimum, the as-yet unreleased version 1.7.0_10-b19 of Java 7. Because the current publicly available version of Java 7 is 1.7.0_10-b18, every system running Java 7 fails the check performed by the anti-malware system built into OS X, Mac Rumors reported.
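The minimum-version gate described above can be sketched as follows. This is an added example, not Apple's or Oracle's code: the function names, the assumed version format and the sample inventory are constructed for illustration, and only the two version strings come from the article.

```python
import re

# Assumed format for Java 7 version strings: 1.<major>.<minor>_<update>-b<build>
_VERSION_RE = re.compile(r"^1\.(\d+)\.(\d+)(?:_(\d+))?(?:-b(\d+))?$")

# Minimum version quoted in the article (unreleased at the time of writing).
MINIMUM_JAVA7 = "1.7.0_10-b19"


def parse_java_version(text):
    """Return (major, minor, update, build) as ints, or None if unparseable."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        return None
    # A missing update or build field counts as 0, the lowest possible value.
    return tuple(int(g) if g is not None else 0 for g in match.groups())


def plugin_allowed(installed, minimum=MINIMUM_JAVA7):
    """Allow the plug-in only if the installed version is >= the minimum."""
    need = parse_java_version(minimum)
    if need is None:
        raise ValueError("minimum version is not parseable: %r" % minimum)
    have = parse_java_version(installed)
    if have is None:
        return False  # fail closed: an unknown version is treated as too old
    # Numeric tuple comparison; a plain string compare would rank "_9" above "_10".
    return have >= need


def audit(inventory):
    """Map each host in a {host: version} inventory to 'allow' or 'block'."""
    return {host: ("allow" if plugin_allowed(version) else "block")
            for host, version in inventory.items()}


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "mac-01": "1.7.0_10-b18",   # current public build named in the article
    "mac-02": "1.7.0_9-b05",    # older update
    "mac-03": "1.7.0_10-b19",   # the required minimum
    "mac-04": "unknown",        # version could not be read
}

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLE_INVENTORY).items()):
        print(host, SAMPLE_INVENTORY[host], verdict)
```

Setting the minimum one build above anything publicly released blocks every installed copy until a fixed build ships, with no per-version list to maintain.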


© 2013 Mobile & Apps All rights reserved. Do not reproduce without permission.
