The U.S. Department of Homeland Security is urging computer users to provisionally disable or uninstall Java software on their personal computers amid growing security concerns about a vulnerability in Oracle's programming platform that could expose them to hacking attacks.
Homeland Security's Computer Emergency Readiness Team (US-CERT) issued a public warning, Vulnerability Note VU#625617, to address the weakness in Oracle Java Runtime Environment (JRE) 7 and earlier versions, which the team said is presently being exploited in the wild. "Java 7 Update 10 and earlier contains an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system," the warning description said, while admitting that the team is unaware of a practical solution to the issue at this point in time.
The warning followed serious concerns expressed by security experts who discovered a new Trojan horse called Mal/JavaJar-B in Java's coding that allows hackers to execute code on any computer running Java, including the latest version of the runtime (7u10). According to a CNET report, Windows, Linux and Unix systems are under attack from this malware. Sophos has described the exploit as a zero-day attack because the malware was in active use before experts had a chance to investigate and patch it.
Meanwhile, Apple moved quickly on the issue, disabling Java 7 on Macs that already have the plug-in installed, MacRumors reported. According to the report, Apple did the blocking by updating its "Xprotect.plist" blacklist, which now requires a minimum version of 1.7.0_10-b19 of Java 7, a version that is yet to be released. With 1.7.0_10-b18 being the latest publicly available version of Java 7, Apple computers running Java 7 will flag it as malware. This will be resolved as and when Oracle issues a security patch. Oracle has yet to respond to the issue.