The Department of Homeland Security warns American web users that a flaw in Java software still leaves a serious vulnerability.
Oracle, Java’s maker, supplied a repair late Sunday night for the issue. Homeland Security stepped in, decided the change was not sufficient, and asked users to disable Java in all internet browsers.
In an updated alert, the department stated, “Unless it is absolutely necessary to run Java in web browsers, disable it. This will help mitigate other Java vulnerabilities that may be discovered in the future.”
The government rarely offers advice on or intervenes in software issues, but last week the Department of Homeland Security wrote on its website, “Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. This and previous Java vulnerabilities are likely to be discovered.”
Java is a common plug-in used on more than 3 billion devices worldwide. Unfortunately, Java has recently been plagued by security intrusions.
In Kaspersky Lab’s most recent security bulletin, the firm wrote, “While we called 2011 the year of the vulnerability, 2012 can justifiably be described as the year of the Java vulnerability, with half of all detected exploit-based attacks targeting vulnerabilities in Oracle Java.”
Homeland Security describes the potential impact of this latest vulnerability: “By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system. Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability.”
On a Windows machine, Java can be disabled by clicking the Java icon in the Control Panel and then unchecking the box for “Enable Java content in the browser” on the Security panel.
Unfortunately, most end users are unaware of the threats they face every day, all over the world, simply by visiting a website that contains this kind of arbitrary code. People should share their thoughts on the topic:
- What should be done differently?
- Is Homeland Security fulfilling its duty?
- Will this be solved? If so, how?
Don’t hesitate to share….
Tech IT Fast, Inc. “Customer Satisfaction is our Promise, Quality Service is our Guarantee”