Java security: Still an issue for web browsers
According to US-CERT Alert TA13-010A, a major vulnerability in how Java 7 restricts the permissions of Java applets could allow attackers to run arbitrary commands on a vulnerable computer system. All web browsers still using Java 7 plug-ins are affected; we recommend that you disable Java in your web browser(s) now if you have not done so already. The Java Deployment Toolkit plug-in and Java Web Start could also be used to attack unsecured PCs.
Online attackers have wasted no time seizing on a critical vulnerability in Oracle’s Java software framework that makes it possible to install malware on computers running Windows, Mac OS X, or Linux.
(Source: Attack targeting critical Java bug added to hack-by-numbers exploit kit – Ars Technica Risk Assessment, Security, and Hacktivism)
Given the potential seriousness and pervasiveness of the attacks—and Oracle’s reputation for being slow on the draw in response to Java vulnerabilities—experts say that everyday Internet users should probably just disable Java entirely. Like, right now.
"Java has been the most exploited program for well over a year now and it simply isn’t worth the risk," Chet Wisniewski of the security firm Sophos told me in an email. "I would recommend removing Java entirely, if you can."
That’s not as problematic as it might sound. Java is not as popular on websites as it once was, and the average browser will rarely run across it, Wisniewski says. Sadly, it does mean that my old favorite Java game, Voodoo Bowl, is out of the question.
(Source: Why You Should Probably Disable Java on Your Browser Right Now – Slate [Dec 2012])
How to disable Java in your web browser
Here are basic instructions on how to disable Java in popular web browsers.
How to disable Java in Firefox web browser
In Firefox, select Tools from the main menu, then select Add-ons, then click the Disable button next to any listed Java plug-ins.
How to disable Java in Google Chrome web browser
In Google Chrome, type Chrome://Plugins into your browser’s address bar, then click the Disable button which should appear beneath any offending Java plug-ins.
How to disable Java in Safari web browser
In Safari, tap Safari (main menu bar), then hit Preferences, then the Security tab and uncheck the button next to
NOTE: If your browser was not listed above and you are not sure how to disable Java in your web browser(s), you’ll find plenty of instructions by Googling, “How to disable Java in [your web browser].”
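To confirm that the steps above took effect, you can check what the browser still advertises to web pages. The following is an added example, not part of the original post: it scans a `navigator` object for Java-related plug-ins and reads the standard `navigator.javaEnabled()` flag. The MIME-type patterns, the helper names and the sample plug-in entries are assumptions made up for illustration.

```javascript
// Added example, not from the original post. The MIME-type patterns are
// assumptions covering the applet plug-in, Java Web Start and the
// Java Deployment Toolkit named in the alert summary above.
const JAVA_MIME = /^application\/x-java-|deployment-?toolkit/i;
const JAVA_NAME = /\bjava\b/i; // matches "Java(TM)", not "JavaScript"

// Return every plug-in entry that looks Java-related.
function findJavaPlugins(nav) {
  const hits = [];
  for (const plugin of Array.from(nav.plugins || [])) {
    // A Plugin object is array-like: its indexed items are MimeType entries.
    const javaMimes = Array.from(plugin)
      .map((m) => m.type)
      .filter((t) => JAVA_MIME.test(t));
    if (JAVA_NAME.test(plugin.name || "") || javaMimes.length > 0) {
      hits.push({ name: plugin.name, mimeTypes: javaMimes });
    }
  }
  return hits;
}

// Combine the plug-in scan with the browser's own javaEnabled() flag.
function javaStatus(nav) {
  const plugins = findJavaPlugins(nav);
  const enabledFlag = typeof nav.javaEnabled === "function" && nav.javaEnabled() === true;
  return { exposed: enabledFlag || plugins.length > 0, enabledFlag, plugins };
}

// Constructed stand-ins for window.navigator (names are made up).
function fakePlugin(name, types) {
  const plugin = { name, length: types.length };
  types.forEach((type, i) => { plugin[i] = { type }; });
  return plugin;
}
const sampleBefore = {
  javaEnabled: () => true,
  plugins: [
    fakePlugin("Java(TM) Platform (constructed)", ["application/x-java-applet"]),
    fakePlugin("Java Deployment Toolkit (constructed)", ["application/java-deployment-toolkit"]),
    fakePlugin("Some Video Player (constructed)", ["video/x-example"]),
  ],
};
const sampleAfter = {
  javaEnabled: () => false,
  plugins: [fakePlugin("Some Video Player (constructed)", ["video/x-example"])],
};
```

In a real browser, paste the two functions into the developer console and call `javaStatus(navigator)`; an `exposed` value of `false` means the browser no longer reports a Java plug-in to pages.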
If you are still using IE (Microsoft Internet Explorer) then we must ask, Why on earth are you still using it?
Switch to Google Chrome or Mozilla Firefox, already!
Hey, it’s just a suggestion. Happy computing… and thanks for visiting!
Resources: Still haven’t disabled Java in your web browser?
- No, Seriously, Just Disable Java in Your Browser Right Now – Slate (Jan 2013)
- Oracle Java 7 Security Manager Bypass Vulnerability – US-CERT: United States Computer Emergency Readiness Team – U.S. Dept. of Homeland Security (Jan 2013)
- Why You Should Probably Disable Java on Your Browser Right Now – Slate (Dec 2012)
- Zero-Day Season is Not Over Yet: New Java zero-day vulnerability has been spotted in the wild – FireEye Malware Intelligence Lab: Threat research, analysis, and mitigation (Aug 2012)
- Attack targeting critical Java bug added to hack-by-numbers exploit kit: “Please, for the love of your computer, disable Java on your browser.” – Ars Technica Risk Assessment, Security, and Hacktivism (Aug 2012)