Saturday, January 12, 2013

Disable Java amid zero-day flaw!! Warns US Homeland Security

"Java users should disable or uninstall Java immediately to mitigate any damage"

The U.S. Department of Homeland Security has warned users to disable or uninstall Java software on their computers, amid continuing fears and an escalation in warnings from security experts that hundreds of millions of business and consumer users are vulnerable to a serious flaw, reports Zac Whittaker at ZDNet Firday.

It has been found that hackers have discovered a weakness in Java 7 security that could allow the installation of malicious software and malware on machines that could increase the chance of identity theft, or the unauthorized participation in a botnet that could bring down networks or be used to carry out denial-of-service attacks against Web sites.

"We are currently unaware of a practical solution to this problem," said the DHS' Computer Emergency Readiness Team (CERT) in a post on its Web site on Thursday evening. "This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available."


Java is used by hundreds of millions of Windows, Mac and Linux machines -- along with mobile devices and embedded systems -- around the world to access interactive content or Web applications and services.

In the meeanwhile, reportedly Apple has already moved quickly to address the issue, disabling the Java 7 plug-in on Macs where it is already installed. Apple has achieved this by updating its "Xprotect.plist" blacklist to require a minimum of an as-yet unreleased 1.7.0_10-b19 version of Java 7. With the current publicly-available version of Java 7 being 1.7.0_10-b18, all systems running Java 7 are failing to pass the check initiated through the anti-malware system built into OS X.

Apple's updated plug-in blacklist requiring an unreleased version of Java 7

PS: As detailed in the National Vulnerability Database, the issue affects not only the Java 7 plug-in, but all versions from 4 through 7.

Read more about it at: | ZDNet | MacRumors |

We are also on Facebook


Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More