Computer security firms Rapid7, AlienVault and others warn that unless
PC users to disable the widely installed free Java software in their browsers, as the software from Oracle is likely to open machines to hacker attacks and there is no way to defend against hackers, viruses and malware.
Researchers have identified code that attacks machines by exploiting a newly discovered flaw in the latest version of Java. Once in, a second piece of software called “Poison Ivy” is released that lets hackers gain control of the infected computer, said Jaime Blasco, a research manager with AlienVault Labs.
Several security firms advised users to immediately disable Java software — installed in some form on the vast majority of personal computers around the world — in their internet browsers. Oracle says that Java sits on 97 per cent of enterprise desktops.
If exploited, the attacker will be able to perform any action the victim can perform on the victim’s machine, according to Tod Beardsley, an engineering manager with Rapid 7′s Metasploit division.
Computers can get infected without their users’ knowledge simply by a visit to any website that has been compromised by hackers, said Joshua Drake, a senior research scientist with the security firm Accuvant.
Security experts recommended that users not enable Java for universal use on their browsers. Instead, they said it was safest to allow use of Java browser plug-ins on a case-by-case basis.
Rapid7 has set up a web page that tells users whether their browser has a Java plug-in installed that is vulnerable to attack: http://www.isjavaexploitable.com/