A new vulnerability has been found in the latest version of Java. The vulnerability is a rather massive hole and users with Java installed in their browser should likely disable it right now to prevent themselves from being infected. Have I scared you enough? But wait, I haven't even told you the problem!
The new security hole allows malicious people to break into users' computers and install nasty malware and viruses. This security hole fits into a category of security flaws known as a "zero-day" threat because it is the first time it has been found. Due to this, there currently exists no way to fix the problem or defend against it, other than disabling Java.
The vulnerabilities were actually found back in April, according to a few sources, and they reportedly told Oracle about the problem. However, Oracle had decided to hold off until the October patch release date to do anything about them. Now, the vulnerabilities have been integrated into BlackHole, a hacking tool.
"SophosLabs has seen samples of [the exploit] from Blackhole and are analyzing them now to determine if they actually work," Chester Wisniewski, a senior security adviser at antivirus firm Sophos, said Tuesday via email. "So, yes, we can confirm it has been added, but still working out if they did it right."
My advice, if you have Java 1.7, disable it as this is the only way to not be vulnerable. If you have 1.6 or lower, you may be vulnerable to older holes, but you aren't vulnerable to this latest one. Keep it disabled and hope that Oracle will break schedule. However, they historically have not.
Further Reading: Read and find more Hacking & Security news at our Hacking & Security news index page.