Ask the Answer Guy – Java’s Recent Threat

Dear Brent,

I've been reading a lot this week about a threat to the Java application. I have Java installed on many different browsers on my computers. What is this threat about, and how can I protect myself?

Oracle's Java application is under cyber attack, and Internet users are advised by the U.S. Computer Emergency Readiness Team (US-CERT) to disable Java in their browsers.

The Java 7 Update 10, and earlier versions of Java 7, are affected. Windows, OS X, and Linux platforms are affected, and other platforms that use Oracle Java 7 may also be unguarded. The threat is to the Java plug-in on every browser, but not on Java apps installed on smartphones.

This zero-day vulnerability allows a remote, unauthenticated attacker to execute arbitrary code on an exposed system. Attackers have used the vulnerability to install malware on the computers of users who visit compromised websites, according to researchers. An untrusted Java applet can escalate its privileges, without requiring code signing. Use this tool in EACH of your browsers to see if you have the affected version.

Click here for instructions on how to disable Java in the major browsers.

Although Oracle released an emergency update to the Java software on Sunday, security experts said the update fails to provide the necessary protection from hackers and are reportedly continuing to advise businesses to remove Java from all browsers.

Continue to be on the lookout for a proper fix by Oracle, possibly called Version 7 Update 11 or 12, or something similar.

UPDATE: On February 1 Oracle issued an emergency Java Critical Patch Update, which did not repair all of the flaws. According to Oracle, a newly revised patch, intended to fix the remaining issues, will ship on February 19.


About Dyan James

Dyan has been researching, writing, copyediting, and proofreading articles across a variety of industries since 1998. She further developed her interest and talent for covering technology while working with the guys at DCG Technical Solutions, Inc. Whether writing from scratch, copyediting or simply polishing, Dyan has mastered the art of turning rough copy or a plain idea into an eloquently written piece.