Java Flaw: Web Users Vulnerable to Attack
Internet users are now being warned about a new zero-day security vulnerability in Java software that could allow a hacker to gain unauthorized access to their computers.
The vulnerability is related to a recently-discovered flaw in the popular Java software system, which is used all over the web to create a great many applications and associated plug-ins.
Security experts say even fully-updated installations of Java are vulnerable to this new round of attacks. Only by completely disabling the Java browser plug-in can Internet users be sure their computers are safe from hackers attempting to exploit the flaw.
Hackers Exploit Java Flaw to Gain Remote Access
To take advantage of this vulnerability, a hacker must convince a user to visit a website containing specific, malicious code, which can then insert the malware into the innocent users' computer. Users should be wary of clicking on unknown links on websites, in emails, or within instant messaging systems.
Reports indicate that hackers are actively attacking the flaw by deploying special automated exploit kits. (Source: cnet.com)
"This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available," noted the United States Computer Emergency Readiness Team (US-CERT). (Source: cert.org)
AlienVault Labs security expert Jamie Blasco says the number of attacks using these exploit kits will greatly increase in the coming week or so.
"The Java file is highly obfuscated but based on the quick analysis we did the exploit is probably bypassing certain security checks, tricking the permissions of certain Java classes," Blasco noted in a recent blog post. (Source: crn.com)
Oracle: No Fix Available
Oracle, which produces Java software, has yet to issue a repair for the newly discovered flaw. In view of the danger, many security experts are insisting that Internet users completely disable Java on their computers until an official fix is available to the public.
To disable Java in Microsoft's Internet Explorer, open the browser and type ALT + T to activate the Tools menu. From there, select 'Manage Plugins.'
Next, choose 'All items' from the drop-down menu and then disable the Java plug-in.
Security firm Sophos has posted a guide for disabling Java in other Internet browsers, including Firefox, Chrome, Opera, and Safari. To access the guide, click here.
Free eBook: 6 Tips For Creating An Unbreakable Password That You Can Remember. Do you use the same password for most of the websites you visit? What about your PC? If your passwords are not unique for every website you visit (including your PC), you might as open the front door and invite the cybercrooks in for lunch! This ebook will show you show to create strong passwords that are easy to remember. Click here to download this eBook now! Note: this eBook is free, but registration is required; after that, you can select more ebooks and videos for download without registering again. If you have questions / problems with the registration form, please read this.