New Java vulnerability being exploited in the wild

MANILA, Philippines - Those of you with Java plugins on your computers will want to disable or uninstall it for a bit. A new report is pointing to a vulnerability in Java that is currently being exploited.

The US Computer Emergency Readiness Team (US-CERT) issued a notice saying that, "Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system."

According to the report, users who visit a "specially crafted HTML document" can become susceptible to remote attackers who can fire off "arbitrary code" on the affected system. For example, AlienVault Labs noted it was able to replicate the issue and make an affected system run a calculator program without user prompts.

The vulnerability was first found out by a French researcher called Kafeine who posted relevant findings on his Malware Don't Need Coffee blog.

The only way to remedy the issue at present is to disable Java or otherwise uninstall Java from your system. Searching on Google should provide additional information on uninstalling Java relative to your system, but How-To Geek and Sophos both have walkthroughs for disabling Java on most browsers. - Rappler.com

Victor Barreiro Jr.

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.

image