Researchers have identified a zero-day security flaw in the Java program that hackers are exploiting. The concern is severe enough that the U.S. Computing Readiness Team, a unit of the Department of Homeland Security’s National Cyber Security Division, issued a note about the flaw. The vulnerability has already been incorporated into two of the most popular Web threat tools for hackers’ malware distribution, so the threat is live and putting computers at risk, The Next Web reported.
The problem is a remote code execution vulnerability in Java 7 Update 10 and earlier versions of the application. This weakness allows a hacker to execute arbitrary code on an exposed machine. The Computing Readiness Team said there is no known workaround yet to protect against malicious attacks, and they recommended disabling Java if at all possible until maker Oracle can enact some repairs. If you can’t disable or uninstall the application, your best bet is to disable it in your main browser and keep all of your Java use confined to a separate browser.
A French researcher working under the name Kafeine first reported the vulnerability, and security company AlienVault Labs confirmed the flaw. Kafeine said in his post about the problem that the latest version of Java was being exploited on a site receiving a heavy volume of traffic.
Java has been a source of security concerns for years. Java 7 Update 7 was an out-of-cycle patch released in September to block a vulnerability that let hackers assume total control over a computer. The software is near-ubiquitous, making it an appealing target for hackers. Check out our explainer on Java for more information, including a walkthrough of how to disable and uninstall the app on your computer.
Image via Jennie Faber
- Is ChatGPT creating a cybersecurity nightmare? We asked the experts
- Experts fear ChatGPT will soon be used in devastating cyberattacks
- Hackers now exploit new vulnerabilities in just 15 minutes
- Malware found on some new Apple M1 Macs mystifies experts
- TrickBot returns with new attack that compromised 250 million email addresses