|
|
Friday, January 11, 2013
|
Java Said To Put Computers in High Risk
|
|
You are sending an email that contains the article
and a private message for your recipient(s). |
| Your Name: |
|
| Your e-mail: |
* Required! |
| Recipient (e-mail): |
* |
| Subject: |
* |
| Introductory Message: |
|
HTML/Text
(Photo: Yes/No) |
(At the moment, only Text is allowed...)
|
| |
|
| Message Text: |
The US Department of Homeland Security warned Thursday that a flaw in Java
software could allow an attacker to execute commands on a
PC system.
System using Oracle Java 7 (1.7, 1.7.0) including
Java Platform Standard Edition 7 (Java SE 7), Java SE
Development Kit (JDK 7), Java SE Runtime Environment (JRE
7) as well as web browsers using the Java 7 plug-in are at
high risk, the department said.
The vulnerability in the Java Security Manager allows a
Java applet to grant itself permission to execute
arbitrary code. An attacker could use social engineering
techniques to entice a user to visit a link to a website
hosting a malicious Java applet. An attacker could also
compromise a legitimate web site and upload a malicious
Java applet (a "drive-by download" attack).
"This vulnerability is being attacked in the wild, and is
reported to be incorporated into exploit kits," the
department's Computer Emergency Readiness Team said in a
notice on its website.
"We are currently unaware of a practical solution to this
problem."
The recommended solution was to disable Java, which
typically runs as a plug-in program in web browsers.
"A fix will be available shortly," Oracle said in a statement released late on Friday.
Oracle added that the recently discovered flaw only affects Java 7, the program's most-recent version, and Java software designed to run on browsers. |
|
|
|
|