Department of Homeland Security warns American web users that a flaw in Java software still leaves a serious vulnerability
Java’s makers, Oracle, issued a fix for a ‘serious security flaw’ on Sunday, but the US government said it was not sufficient and asked users to disable Java on all internet browsers.
In an updated alert, the department said “unless it is absolutely necessary to run Java in web browsers, disable it. This will help mitigate other Java vulnerabilities that may be discovered in the future.”
Government intervention in such software issues is rare, but last week the Department of Homeland Security wrote on its website that “[The] Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered.” It has since added that update 11 remains flawed.
Java is installed on more than 3 billion devices worldwide, and has been plagued by security problems. Some reports blame it for more than half of all cyber attacks globally.
In Kaspersky Labs’ latest security bulletin, the firm wrote “While we called 2011 the year of the vulnerability, 2012 can justifiably be described as the year of the Java vulnerability, with half of all detected exploit-based attacks targeting vulnerabilities in Oracle Java”.
The Department describes the potential impact of this latest vulnerability: “By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system. Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability.”
Java has now taken over from weaknesses in Adobe Flash and Microsoft Windows and Internet Explorer as the main loophole exploited by computer hackers. Apple has switched to shipping its computers without Java enabled, but users with Java on Macs, PCs and Linux systems are all vulnerable.
On a Windows machine, Java can be disabled by clicking on the Java icon in the control panel and then unchecking the box for “enable Java content in the browser” on the security panel.
…will also feature 5-megapixel rear camera and a 1.6-megapixel front camera.
On the earnings call for its most recent results, Zuckerberg said “We’re not going to build a phone”, but emphasised that it was easy to integrate with Android because of its open architecture.
“A vertically integrated, horizontally deployed Facebook ‘mini-ecosystem’ will move the needle on user engagement and therefore advertising revenues more effectively than if Facebook attempted to introduce its own proprietary phone/OS into a crowded field against better funded competitors,” he said. “Tactically, it’s a brilliant move.”