The U.S. Department of Homeland Security alerted users of Java to a serious and urgent security risk, recommending that users disable Java until a suitable fix has been released. In the statement, the United States Computer Emergency Readiness Team (US-CERT), the branch of the federal government that manages computer security risks, warned that any system using Oracle Java 7 (1.7, 1.7.0), including Java Platform Standard Edition 7 (Java SE 7), Java SE Development Kit (JDK 7) and Java SE Runtime Environment (JRE 7), is at risk.
The Feds said that all versions of Java 7 through update 10 are affected, and even web browsers using the Java 7 plug-in are at serious risk.
According to the US-CERT, “A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a “drive-by download” attack).”
With this flaw, hackers are able to use Java to install malicious software, which in turn allows them to turn computers into part of an ad-hoc network used for cyber attacks, and leaves the computers vulnerable to virus-infected websites, identity theft and “ransomware,” where the computer is locked and not unlocked until the user pays money to the hackers.
Security experts were the first to break this news, with US-CERT formally announcing it later in the day. Java is a widely used program that enables an array of different software programs to run on various computers and websites.
Oracle issued a statement promising a patch on Tuesday that will contain “86 new security vulnerability fixes.” They went on to say that, “due to the threat posed by a successful attack, Oracle strongly recommends” that customers update Java on their computers with the patch as soon as possible. As a reminder, until that patch comes out, the Department of Homeland Security strongly advises users to disable Java altogether.