WEST PALM BEACH, Florida, January 12, 2013 – The Department of Homeland Security has warned users to temporarily disable Java software to avoid a cyber attack on their computers. The Department of Homeland Security’s Computer Emergency Readiness Team issued a vulnerability notice:
“to address a vulnerability in Oracle Java Runtime Environment (JRE) 7 and earlier that is currently being exploited in the wild. This vulnerability may allow an attacker to execute arbitrary code on vulnerable systems.”
The notice further recommends, “that Java be disabled temporarily in web browsers as described in the “Solution” section of the US-CERT Alert and in the Oracle Technical Note “Setting the Security Level of the Java Client.”
According to the Department of Homeland Security, the notice came after the discovery that a vulnerability in the software allows attackers to execute a code on PCs running Java. Furthermore, criminals are already exploiting this vulnerability via “explore kits,” which are available online for those interested in accessing other computers to commit online crimes.
The “vulnerabilities” allow hackers to access computers via the software, accessing all types of personal information that is stored on the computer or monitoring current activities on a computer.
Many users have worried about the security of Java for several years. Apple, concerned about the program, removed Java plugins from OSX browsers. Oracle, the creator of Java, says it will release a patch on Tuesday to solve the problems. According to Oracle, the new patch will fix 86 vulnerabilities that exist in Java 7.
The obvious corollary to that is the current Java 7 has 86 vulnerabilities that criminals can exploit.
Mac users are probably safe from problems with Java because, as noted earlier, Apple’s OSX operating system already blacklisted Java.
PC users should first verify the version of Java they are using to find out if they have the highly vulnerable version 7. To find out which version of Java your computer is running, go to www.java.com and click on “Do I have Java?” That brings up the Verify Version of Java screen. Click on the Verify box and it will tell you which version of Java you are using.
If you have Java 7, the easiest way to disable it is to make sure you have Update 10 and you are not using Internet Explorer. If you do not have Update 10 but have Java 7, upgrade to Update 10. This will allow you to more easily disable the program than if you have previous Updates.
Next, go to the Java control panel. To access the Java control panel in windows, go to start/control panel and click on Java.
After the Java control panel appears, click on the Security tab.
De-select “Enable Java content in the browser.”
That will stop Java from running on your computer.
If you cannot upgrade to Update 10, you can access the Homeland Security instructions here, but they are far more complicated than going through the Java browser.
Until Oracle addresses the vulnerabilities, users running Java 7 are leaving themselves wide open to a variety of unpleasant repercussions from unauthorized access.