Major Java 7 Security flaw US Department of Homeland Security Intervenes

Posted January 12, 2013 by in Security

There has been a major security issue regarding Java 7 , Update 10 and the  U.S. Department of Homeland Security has warned all users to disable or uninstall Java software on their computers, amid continuing fears and an escalation in warnings from security experts that hundreds of millions of business and consumer users are vulnerable to a serious flaws which hackers can use to hack your computer and steal your identity.

Here is a demonstration of the hack

Hackers have discovered a weakness in Java 7 security that could allow the installation of malicious software and malware on machines that could increase the chance of identity theft, or the unauthorized participation in a botnet that could bring down networks or be used to carry out denial-of-service attacks against Web sites.

“We are currently unaware of a practical solution to this problem,” said the DHS’ Computer Emergency Readiness Team (CERT) in a post on its Web site on Thursday evening. “This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available.”

Java users should disable or uninstall Java immediately to mitigate any damage.

The latest flaw, as earlier reported by ZDNet, is currently being exploited in the wild, security experts have warned. Alienvault Labs have reproduced and verified claims that the new zero-day that exploits a vulnerability in Java 7, according to security expert Brian Krebs.

As you can see below we tricked the malicious Java applet to execute the calc.exe in our lab.

Verifying the flaw, security researchers were able to trick the malicious Java applet to execute the Windows calculator. Credit: Alienvault Labs

Java is used by hundreds of millions of Windows, Mac and Linux machines — along with mobile devices and embedded systems — around the world to access interactive content or Web applications and services.

It’s not uncommon for the U.S. government — or any other government agency — to advise against security threats, but rarely does an agency actively warn to disable software; rather they offer advice to mitigate such threats or potential attacks, such as updating software on their systems.


About the Author

Subin Mathew

A Technology enthusiast that is looking forward to the future while realizing that we are living in the "golden age" or shall I say in the age of pure Silicon .


Be the first to comment!

Leave a Response