Time to uninstall Java?
When do hackers sleep? Seriously. Everyday they are hacking into something new, exposing some security flaw, and freaking out computer users and IT managers. According to Slate:
Hackers have found a flaw in Oracle's Java software that allows them to break into users' computers and install nasty malware, security experts report. The attack, first spotted on Sunday by researchers at the security firm FireEye, is what security types call a "zero-day" threat, exploiting a previously unknown vulnerability for which there is currently no fix available.
The loophole appears to affect Java Version 7 (also known as 1.7) on all browsers. So far the attacks have been against PCs, but Mac users are vulnerable as well. Businesses should be especially concerned about targeted attacks, but just about anyone who uses Java on the Internet is at risk, especially since the attack has been added to the Internet's most popular hacking kit, BlackHole.
Sounds serious, but what’s it mean for me and you? Hint: RUN!!
Given the potential seriousness and pervasiveness of the attacks—and Oracle's reputation for being slow on the draw in response to Java vulnerabilities—experts say that everyday Internet users should probably just disable Java entirely. Like, right now.
"Java has been the most exploited program for well over a year now and it simply isn't worth the risk," Chet Wisniewski of the security firm Sophos told me in an email. "I would recommend removing Java entirely, if you can.
The Slate article explains how to going about disabling Java. The nakedsecurity blog has advice for folks who need to keep using it. MacWorld has published a guide for Mac users to check whether or not they are vulnerable.