Homeland Security continues to advise disabling Java 7 and earlier for Windows users until further notice.
This past Friday, Homeland Security discovered a vulnerability in the Oracle Java Runtime Environment (JRE) 7 that allows attackers to execute codes on the PC. Hackers are already exploiting these vulnerabilties via “explore kits,” which are readily available online for anyone to utilize. In order to protect any personal information stored on users’ computers, Homeland Security has suggested all users disable Oracle Java Runtime Environment (JRE) 7. At most risk are Windows users, however those operating Linux or OS X should also disable the software.
Java’s security issues have been of concern these past couple years, so much so that Apple removed the software’s plugins from OS X browsers. While Apple users are most likely safe, it’s still a good idea to check if Java plugins are installed. To disable the software, complete the following steps below:
- Check to see Update 10 is installed and Internet Explorer is not running. For users that have Java 7 but not Update 10, it’s suggested to upgrade as it will be easier to disable Java.
- Go to the Java Control Panel by going to Start/control panel and click Java.
- Once the Java control panel appears, press security then de-select “Enable Java content in the browser.”
Oracle did release an emergency patch, this past Sunday that did fix the exploit, however Homeland Security still urges users to keep the software disabled as attackers with enough knowledge of the Java code base and another zero day bug can still exploit the vulnerability. There are, in fact, around 50 critical Java zero-days that place billions of users at risk. While Oracle has changed the default to high, prompting users to authorize execution of of applets, there are still many severe critical security flaws. All of these security issues, including the latest, may take up to two years to completely fix.
[email protected] | @nardionet