Do you have Java installed on your personal computer? If so, regardless of whether the operating system is Windows, Mac OS X or Linux, you need to take action immediately. Oracle, the company behind the Java software that caused a worldwide alert about its security gap, has issued a patch to prevent viruses from infecting computers without the owners’ knowledge.
The U.S. Department of Homeland Security is continuing to advise users to disable Java on their Web browsers, despite Oracle issuing an update that the company said would fix the software’s vulnerability to hackers.
Oracle released a patch for Java 7 on Sunday to address a vulnerability in the software that hackers are exploiting.
An emergency patch from Oracle is unusual. The company usually patches Java on a quarterly cycle, but likely released this out-of-band fix because the attack code exploiting this vulnerability has already been added to several popular exploit kits, including “Blackhole” and “NuclearPack.” Crimeware kits make it easier for criminals to infect computers with malware and take over the machines for their own nefarious purposes. Researchers have already uncovered websites running the code, although it is not known at the moment how many users have already been compromised.
DHS reported that hackers could entice potential victims with links to websites that host a malicious Java applet, or breach a legitimate website and upload a malicious Java applet.
Specifically, a remote attacker could convince a Web user to visit a specially made Web page, which could then carry out the attack. The attacking code could infect a well-known, legitimate site as well as ones with lesser credibility, and then stage the attack from there. Since there are no known practical solutions, the recommendation was that users disable Java in Web browsers.
Security experts have been scrutinizing the safety of Java since a similar security scare in August, which prompted some of them to advise using the software only on an as-needed basis.
Java was responsible for 50 percent of all cyber attacks last year in which hackers broke into computers by exploiting software bugs, according to Kaspersky. That was followed by Adobe Reader, which was involved in 28 percent of all incidents. Microsoft Windows and Internet Explorer were involved in about 3 percent of incidents, according to the survey.