U.S. government advises users to disable Java
12th Jan 2013 | 20:51
Zero-day flaw prompts rare response from Homeland Security
The Department of Homeland Security (DHS) warned Americans on Thursday about a dangerous flaw in Java's latest version, and advised users to disable Java to prevent exploitation.
When the zero-day flaw was discovered by the DHS' Computer Emergency Readiness Team (CERT), there were already publicly available exploit kits taking advantage of the security hole.
The problem stems from a permissions loophole in Java 7 that allows an external user to elevate the privileges of an untrusted Java applet in order to install malware, launch a denial-of-service attack, or manipulate the affected machine.
On learning of the potential threat, the DHS issued a warning with instructions to disable Java content in web browsers, a rare suggestion from an organization that sees plenty of broken code.
In the report issued by the DHS' CERT, the team said, "We are currently unaware of a practical solution to this problem."
In response, Apple has blocked the Java 7 OS X plugin. Microsoft and Google have yet to formally respond.
Oracle told Reuters that "a fix will be available shortly" and did not elaborate.
It's rumored that Oracle knew about the potential security risk in Java 7's code as early as October 2012.