Skip to main content

New security vulnerability found in Java; experts recommend disabling the app

Image used with permission by copyright holder

Researchers have identified a zero-day security flaw in the Java program that hackers are exploiting. The concern is severe enough that the U.S. Computing Readiness Team, a unit of the Department of Homeland Security’s National Cyber Security Division, issued a note about the flaw. The vulnerability has already been incorporated into two of the most popular Web threat tools for hackers’ malware distribution, so the threat is live and putting computers at risk, The Next Web reported. 

The problem is a remote code execution vulnerability in Java 7 Update 10 and earlier versions of the application. This weakness allows a hacker to execute arbitrary code on an exposed machine. The Computing Readiness Team said there is no known workaround yet to protect against malicious attacks, and they recommended disabling Java if at all possible until maker Oracle can enact some repairs. If you can’t disable or uninstall the application, your best bet is to disable it in your main browser and keep all of your Java use confined to a separate browser.  

A French researcher working under the name Kafeine first reported the vulnerability, and security company AlienVault Labs confirmed the flaw. Kafeine said in his post about the problem that the latest version of Java was being exploited on a site receiving a heavy volume of traffic. 

Java has been a source of security concerns for years. Java 7 Update 7 was an out-of-cycle patch released in September to block a vulnerability that let hackers assume total control over a computer. The software is near-ubiquitous, making it an appealing target for hackers. Check out our explainer on Java for more information, including a walkthrough of how to disable and uninstall the app on your computer. 

Image via Jennie Faber

Editors' Recommendations

Anna Washenko
Former Digital Trends Contributor
Anna is a professional writer living in Chicago. She covers everything from social media to digital entertainment, from tech…
Malware found on some new Apple M1 Macs mystifies experts
The Mac Mini M1 sitting on a desk.

Hackers appear to have wasted little time in targeting Apple’s recently launched Mac computers featuring its new M1 chip.

Colorado-based security firm Red Canary says it has discovered malware on nearly 30,000 Mac computers globally, though experts are currently trying to work out its precise purpose.

Read more
TrickBot returns with new attack that compromised 250 million email addresses
nhs email gaffe button

The TrickBot malware, which earlier this year worked in tandem with the Ryuk ransomware to siphon millions of dollars for hackers, is back with a new attack that may have compromised as many as 250 million email accounts.

In a report by Deep Instinct, the cybersecurity company revealed a new variant of TrickBot that teams it up with a malicious, email-based infection and distribution module dubbed TrickBooster.

Read more
5 gaming mice you should buy instead of the Logitech G Pro X Superlight 2
Logitech's Pro X 2 Superlight gaming mouse.

The Logitech G Pro X Superlight 2 is a phenomenal gaming mouse. It has performance capable of satisfying even the most competitive of gamers, it's comfortable to use and can last multiple days on a single charge. And let's be honest -- it just looks great, too. Logitech's Pro-series mouse is fantastic, but it's also expensive at $160, and there are some excellent alternatives available.

Regardless of if you're trying to save a bit of money, unlock different features, or just browse the alternatives to the Logitech G Pro X Superlight 2, we've rounded up five mice built for competitive gaming that you should keep in mind.
Razer Viper V3 Pro

Read more