US-CERT: Disable Java in browsers because of exploit

No other 'practical solution' to the Java vulnerability exists, the cybersecurity agency says

By Grant Gross

January 11, 2013 04:11 PM ET

IDG News Service - Internet users should consider disabling Java in their browsers because of an exploit that can allow remote attackers to execute code on a vulnerable system, the U.S. Computer Emergency Readiness Team (US-CERT) recommended late Thursday.

Security researchers reported this week that cybercriminals were using a zero-day vulnerability in Java to attack computer systems. Attackers were using the vulnerability to stealthily install malware on the computers of users who visit compromised websites, researchers said.

The US-CERT security warning said the agency is "unaware of a practical solution to this problem."

Instead, US-CERT recommended Internet users disable Java in browsers. US-CERT is part of the U.S. Department of Homeland Security.

The problem can allow an untrusted Java applet to escalate its privileges, without requiring code signing. Oracle Java 7 update 10 and earlier are affected, US-CERT said.

"This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits," US-CERT added. "Exploit code for this vulnerability is also publicly available."

Two spokeswomen for Oracle, the company that distributes Java, weren't immediately available for comment.

Sorin Mustaca, a security expert for security vendor Avira wrote a blog post Friday on how to deactivate Java in browsers.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Comments ()

Print

Reprinted with permission from IDG.net. Story copyright 2012 International Data Group. All rights reserved.

Today's Top Stories

Beach reads for techies 2013

Google Glass breaks into business

Republicans package H-1B plan in attractive website

Intel claims Haswell will offer 50% more battery life in laptops

Windows 8 users snub 'Modern' apps, stick to desktop

Microsoft brushes off claim Xbox Live accounts were compromised

Google tests enhanced notifications in Chrome browser

From CSOonline and CIO

Google I/O 2013's Coolest Products and Services

10 Star Trek Technologies That are Almost Here

19 Generations of Computer Programmers

25 Must-Have Technologies for SMBs

A walking tour: 33 questions to ask about your company's security

15 social media scams

The 7 elements of a successful security awareness program

Additional Resources

WHITE PAPER

How Cloud Communications Reduce Costs and Increase Productivity

Small and midsize businesses are moving to the cloud to host their communications capabilities. Learn how enterprise-quality phone benefits, online management, conferencing, auto attendant, and ease of use are built into a system that is half the cost of a PBX.

Read now.

Free Insider Guide

IT Certification Study Tips

Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.

Register for FREE now! »

Internet Resources

Is Your Service Desk Falling Behind? Read this use case document to understand how social IT collaboration can breathe new life into your existing service desk or ITSM installation...

Three IT Imperatives CIOs Use To Drive Change Throughout the Enterprise CIOs who have been successful in bridging the divide between IT operations and business did it by accelerating the transformation of IT.

Improving Change Management Through Collaboration Read this use case document to explore a real-world example of how social knowledge collaboration improves the accuracy and speed of change planning.

Defending Against Today's Targeted Phishing Attacks Learn guidelines on how to recognize advanced threats and protect yourself from them.

Becoming An Analytics Driven Organization Join us on Tuesday, June 18, 2013, 11:00 AM EDT and learn how your agency can create an analytics culture that will enable...

3 Reasons Why Sepaton is the World's Fastest Backup Solution Leading analyst, Storage Switzerland learns how Sepaton backs up and deduplicates massive data volumes while maintaining the industry's fastest performance - all in...
All Internet White Papers | Webcasts

New newsletter: Consumerization of IT

Our weekly newsletter will cover a wide range of topics and trends related to consumerization. Stay up to date with news, reviews and in-depth coverage of BYOD, smartphones, tablets, MDM, cloud, social and how consumerization affects IT. Subscribe now!

IT Jobs

See All Jobs Post a job for $295

Jobs by SimplyHired

Internet White Papers | All Internet White Papers

Is Your Service Desk Falling Behind?

Improving Change Management Through Collaboration

Security Overview Websense ACE (Advanced Classification Engine)

The Case and Criteria for Embedded DLP with Advanced Malware Defenses

Frost & Sullivan: Overcoming Barriers to Video Adoption in the Workplace

The Great Video Conferencing Debate: Cost Vs. Quality

Transforming Customer Experience: The Convergence of Social, Mobile, and BPM

Business Intelligence Shows its Smarts

Inquiry Spotlight: Consumer-Facing Identity

Key Drivers: Why CIOs Believe Empowered Users Set the Agenda for Enterprise Security

Three IT Imperatives CIOs Use To Drive Change Throughout the Enterprise

Defending Against Today's Targeted Phishing Attacks

Putting Next Generation Threat Detection to the Test

IDC Report: The Future of eMail is Social

Video Conferencing: A TCO Analysis

Comparing Consumer and Enterprise Online File Sharing

Harness IT -- An Introduction to Business Intelligence Solutions

Proactive Planning for Big Data

IDC Security Infographic

Security Empowers Business

Sponsored Links

Base your business decisions on complete, accurate data-with SAP®.

Finally, a tablet that thinks the way you work. Intel®-based tablets

Improve your ROI by the power of three with HP Converged Storage.

Splunk - Machine data goes in, business insight comes out. Learn more.

Focus on business, not infrastructure with VblockTM Systems from VCE

Platform without Boundaries - Extend your Datacenter

What's your Integration Strategy? View Gartner Predicts 2013: Application Integration.

MIT Sloan: cutting-edge short courses for busy executives

AirWatch - Leader in the Gartner Magic Quadrant Report for MDM. Download Now

Connect to the Cloud faster with Comcast Business

MIT Sloan: cutting-edge short courses for busy executives

Imagine a future shaped by simplicity. See it at HP Discover 2013. Register Now.

Join the Peer-Driven Community For All Things Mobility

openBench Labs: How Diskeeper 12 Keeps the Latest Windows OS Running Like New

Redefine Mobility Mgmt at Enterprise Mobile Hub

Download Microsoft's latest Data Protection Management tool

Not All QSAs Are Created Equal: What You Should Know Before You Buy

The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability

The AMD Virtual Experience Virtual Trade Show

"The Definitive Guide to Security Management" Chapter 1: Introduction to Security Management

Increase your speed and agility with big data analytics from SAP®.

How big is your 'phishing attack surface'? Find out now. A new free service!

Intel ProLiant -Double compute density to tackle bigger workloads with HP ProLiant servers. Learn more

Cervalis-S.S.A.E. 16 data centers keep critical IT applications running.

Jumpstart business transformation with VCE solutions for SAP

Check out Gartner Predicts 2013: Application Integration

Rugged and reliable Panasonic Toughbook® mobile computers.

New CIO Playbook helps you commit to SLAs with confidence.

Transform enterprise IT with ServiceNow. See how easy IT can be.

DEMO Velocity: Create branded interactive live events & training.

See how Royal Caribbean is unlocking intelligence w/ Windows Embedded.

BlackBerry for business. Built to keep your business moving.

IDC Report: Managing the I/O Explosion Without Extra Hardware

Top Ten Myths About Recovering Deleted Files

Online Master of Science in Information Systems at Northwestern University

ITwhitepapers.com - Access thousands of white papers on 300+ technical topics.

Leverage Your Cisco infrastructure for Superior Application Performance

Learn about the AMD Virtual Experience

"The Definitive Guide to Security Management" Chapter 1: Introduction to Security Management

Introducing: Project Icebreaker

Resource Center

See your link here

Skip to top

About Us

Advertise

Contacts

Editorial Calendar

Subscribe to Computerworld Magazine

Help Desk

Newsletters

Careers at IDG

Privacy Policy

Reprints

Site Map

Ad Choices

The IDG Network:

CFOworld

CIO

CITEworld

Computerworld

CSO

DEMO

IDC

IDG

IDG Connect

IDG Knowledge Hub

IDG TechNetwork

IDG Ventures

InfoWorld

ITwhitepapers

ITworld

JavaWorld

LinuxWorld

Macworld

Network World

PC World

TechHive

Technology Briefcase

Copyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.