Are you still running Java on your browser? If so, you should probably go ahead and disable the software now, according to the U.S. Department of Homeland Security. Java is very "vulnerable" to attacks from hackers, numerous outlets are reporting.
"A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a "drive-by download" attack)," said the Department of Homeland Security in an announcement.
"Any web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors. Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available."
"We are currently unaware of a practical solution to this problem," said a notice recently released by CERT, a group sponsored by the Homeland Security Department's cybersecurity division.
The kind of "vulnerability" the Department of Homeland Security is describing essentially gives hackers an open door to your computer. If you visit a hacked website, or are tricked into doing so by a hacker in the know, hackers can then use Java applications to take control of your computer, which could result in such crimes as identity theft.
The owner of Java, Oracle has released an update that supposedly fixes all these issues, but as Slate notes, you're likely better off just disabling Java in your browser altogether.
"[The update] might sound like a prompt response, until you consider that security researchers allegedly notified the company about the bug months ago. Or that the patch apparently leaves in place weaknesses that criminals could still exploit. Or that this is just the latest in a long string of Java problems that have made the language the overwhelming top choice for software-based computer hacks," said Slate.
Also, according to Reuters, the security firm Kaspersky Lab estimates Java was used in 50 percent of all hacker attacks in which hackers broke into computers by exploiting software bugs.
How to disable Java
If you've got a Mac, you're in luck; your work is probably already done. According to MacRumors, Apple has already fixed the issue by disabling Java on Macs running its OS X operating system.
For everyone else, first check out which version of Java you're running. CERT's announcements have focused on Java 7. If you have Java 7, and you'd like to disable it, CERT notes that as of the Java 7 update 10 users can now diable Java content in web brosers through the Java control panel applet.
In Firefox, select "Tools" from the main menu, go to "Add-ons," then click the "Disable" button next to any Java plug-ins.
In Safari, click on "Safari" in the main menu bar, then "Preferences," then select the "Security" tab and uncheck the button next to "Enable Java."
In Chrome, type or copy "Chrome://Plugins" into your browser's address bar, then click the "Disable" button below any Java plug-ins.
In Internet Explorer, follow these instructions for disabling Java in all browsers via the Control Panel. There is reportedly no way to entirely disable Java in Internet Explorer.
- Contribute to this Story:
- Send us a tip
- Send us a photo or video
- Suggest a correction
