Java flaw poses serious threat to PC users
A serious flaw in the Java software found on most personal computers could expose the machines to being taken over by malicious attacks over the internet, US-CERT, part of the Department of Homeland Security and the agency responsible for policing such vulnerabilities, warned on Thursday.
The vulnerability has already been used to mount attacks, according to security researchers, prompting calls for computer users to disable Java on their computers immediately, as no fix has been developed so far.
Java is a set of several computer software products and specifications from Sun Microsystems (which has since merged with Oracle Corporation) that together provide a system for developing application software and deploying it in a cross-platform computing environment. Java is used in a wide variety of computing platforms, from embedded devices and mobile phones on the low end to enterprise servers and supercomputers on the high end, and is used to enable features of certain websites to run on all machines regardless of operating system.
The flaw in Java was highlighted by US-CERT in its Vulnerability Note VU#625617 and US-CERT Alert TA13-010A. Reportedly, the vulnerability was first identified by Kafeine, an independent researcher, who reported it to the agency.
In the bulletin warning of the security flaw, US-CERT said it was “unaware of a practical solution to this problem” and advised computer users to “disable Java content in web browsers through the Java control panel applet.”
Security experts said the risk of attack is currently high because developers of several popular tools known as exploit kits, which criminals use to attack PCs, have added software that allows hackers to exploit the newly discovered bug in Java.
“Java is a mess. It’s not secure,” said Mr Jaime Blasco, Labs Manager with AlienVault Labs.
“This is like open hunting season on consumers,” said Mr HD Moore, Chief Security Officer with Rapid7, a company that helps businesses identify critical security vulnerabilities in their networks. Mr Moore said machines running on Mac OS X, Linux or Windows all appear to be vulnerable to attack.
Mr Marc Maiffret, Chief Technology Officer with BeyondTrust, said that businesses may need to keep using Java to access some websites and Internet-based programs that run on the technology.