While Oracle, Java’s maker, issued a fix for a ‘serious security flaw’, the US Government went a step further and asked users to disable Java in all internet browsers. The department warned: “Unless it is absolutely necessary to run Java in web browsers, disable it. This will help mitigate other Java vulnerabilities that may be discovered in the future.”
The Department for Homeland Security wrote on its website last week that “[The] Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered.”
The Department describes the potential impact as follows: “By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system. Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability.”
To disable Java on a Windows machine, click the Java icon in the Control Panel and then uncheck the “Enable Java content in the browser” box on the Security panel. Internet Explorer is the main loophole that has been taken over by Java. Apple has switched to shipping its computers without enabling Java, but Macs and Linux machines are all vulnerable.
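For administrators who need to confirm that the checkbox described above is actually off on many machines, the following added example (not part of the original article) audits collected copies of each user's `deployment.properties` file. It assumes the checkbox is stored there as the `deployment.webjava.enabled` key and that a missing key means the default of enabled; the host names and file contents are constructed samples.

```python
# Added example: audit whether "Enable Java content in the browser" is off.
# Assumption (not from the article): the checkbox is stored as
# deployment.webjava.enabled in the user's deployment.properties file,
# and a missing key means the default, which is enabled.

KEY = "deployment.webjava.enabled"

def parse_properties(text):
    """Parse the simple subset of Java .properties syntax used by the file."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        # The key ends at the first '=' or ':'; surrounding spaces are ignored.
        cut = min((i for i in (line.find("="), line.find(":")) if i != -1),
                  default=-1)
        if cut == -1:
            continue
        props[line[:cut].strip()] = line[cut + 1:].strip()
    return props

def browser_java_status(text):
    """Return 'disabled', 'enabled' or 'enabled (default)' for one file."""
    props = parse_properties(text)
    if KEY not in props:
        return "enabled (default)"
    return "disabled" if props[KEY].lower() == "false" else "enabled"

def audit(files):
    """Map each host to its status; anything but 'disabled' needs action."""
    return {host: browser_java_status(text) for host, text in files.items()}

# Constructed sample files keyed by made-up host names.
SAMPLES = {
    "ws-01": "#Mon Jan 14 09:12:03 GMT 2013\ndeployment.webjava.enabled=false\n",
    "ws-02": "deployment.version=7.0\ndeployment.webjava.enabled = true\n",
    # A commented-out line does not disable anything.
    "ws-03": "deployment.version=7.0\n#deployment.webjava.enabled=false\n",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLES).items()):
        print(f"{host}: Java in browser {status}")
```

Hosts reported as anything other than `disabled` still expose the browser plug-in and need the Control Panel change applied.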