Krakatoa

John Marwood

I ♥ cryptic crosswords
http://www.telegraph.co.uk/technology/news/9803426/Web-users-must-disable-Java.html


Department of Homeland Security warns American web users that a flaw in Java
software still leaves a serious vulnerability.


Java’s makers, Oracle, issued a fix for a ‘serious security flaw’ on Sunday,
but the US government said it was not sufficient and asked users to disable
Java on all internet browsers.


In an updated alert, the department said “unless it is absolutely necessary
to run Java in web browsers, disable it. This will help mitigate other Java
vulnerabilities that may be discovered in the future.”


Government intervention in such software issues is rare, but last week the
Department for Homeland Security wrote on its website that “[The] Java 7
Update 10 and earlier contain an unspecified vulnerability that can allow a
remote, unauthenticated attacker to execute arbitrary code on a vulnerable
system. This and previous Java vulnerabilities have been widely targeted by
attackers, and new Java vulnerabilities are likely to be discovered.” It has
since added that update 11 remains flawed.


Java is installed on more than 3 billion devices worldwide, and has been
plagued by security problems. Some reports blame it for more than half of
all cyber attacks globally.


In Kaspersky Labs’ latest security bulletin, the firm wrote “While we called
2011 the year of the vulnerability, 2012 can justifiably be described as the
year of the Java vulnerability, with half of all detected exploit-based
attacks targeting vulnerabilities in Oracle Java”.


The Department describes the potential impact of this latest vulnerability:
“By convincing a user to visit a specially crafted HTML document, a remote
attacker may be able to execute arbitrary code on a vulnerable system. Note
that applications that use the Internet Explorer web content rendering
components, such as Microsoft Office or Windows Desktop Search, may also be
used as an attack vector for this vulnerability.”


Java has now taken over from weaknesses in Adobe Flash and Microsoft Windows
and Internet Explorer as the main loophole exploited by computer hackers.
Apple has switched to shipping its computers without Java enabled, but users
with Java on Macs, PCs and Linux systems are all vulnerable.


On a Windows machine, Java can be disabled by clicking on the Java icon in the
control panel and then unchecking the box for “enable Java content in the
browser” on the security panel.
 