
Department of Homeland Security advises immediate disabling of Java due to critical security vulnerability!

The US Department of Homeland Security has issued a Security Vulnerability alert in relation to Java 7.

This is a confirmed alert and at this time we are recommending that everyone simply uninstall Java from their systems immediately.

At this time, there is no known fix, although Java says one will be released soon.

Overview

Java 7 Update 10 and earlier Java 7 versions contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

The Oracle Java Runtime Environment (JRE) 1.7 allows users to run Java applications in a browser or as standalone programs. Oracle has made the JRE available for multiple operating systems.

The Java JRE plug-in provides its own Security Manager. Typically, a web applet runs with a security manager provided by the browser or Java Web Start plugin. Oracle’s document states: “If there is a security manager already installed, this method first calls the security manager’s checkPermission method with a RuntimePermission("setSecurityManager") permission to ensure it’s safe to replace the existing security manager. This may result in throwing a SecurityException”.

By leveraging a vulnerability in the Java Management Extensions (JMX) MBean components, unprivileged Java code can access restricted classes. By using that vulnerability in conjunction with a second vulnerability involving the Reflection API and the invokeWithArguments method of the MethodHandle class, an untrusted Java applet can escalate its privileges by calling the setSecurityManager() function to allow full privileges, without requiring code signing. Oracle Java 7 Update 10 and earlier Java 7 versions are affected. The invokeWithArguments method was introduced with Java 7.

This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available. We have confirmed that Windows, OS X, and Linux platforms are affected. Other platforms that use Oracle Java 7 may also be affected.
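To find which machines fall in the affected range stated above (Java 7 Update 10 and earlier), the following check classifies the banner printed by `java -version`. It is an added example, not part of the original alert; the function names, host names and sample banners are constructed for illustration, and it looks only at the version number, not the vendor.

```python
import re
import subprocess

# Legacy scheme (through Java 8): 1.<major>.0[_<update>], e.g. "1.7.0_10".
_LEGACY = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')
# Scheme used from Java 9 on: <major>[.<minor>...], e.g. "17.0.2".
_MODERN = re.compile(r'version "(\d+)(?:\.\d+)*[^"]*"')

# Constructed inventory: host name -> text captured from `java -version`.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_10"\nJava(TM) SE Runtime Environment',
    "ws-02": 'java version "1.7.0"',            # initial release, update 0
    "ws-03": 'java version "1.7.0_11"',         # newer than the affected range
    "ws-04": 'java version "1.6.0_38"',         # Java 6, not named in the alert
    "ws-05": 'openjdk version "17.0.2" 2022-01-18',
    "ws-06": "java: command not found",         # Java not installed
}

def parse_java_version(banner):
    """Return (major, update) from a `java -version` banner, or None."""
    m = _LEGACY.search(banner)
    if m:
        return int(m.group(1)), int(m.group(2) or 0)
    m = _MODERN.search(banner)
    if m:
        return int(m.group(1)), None  # no update counter in this scheme
    return None

def is_affected(banner):
    """True when the banner reports Java 7 Update 10 or earlier."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return False
    major, update = parsed
    return major == 7 and update is not None and update <= 10

def affected_hosts(inventory):
    """Sorted host names whose banner is in the affected range."""
    return sorted(h for h, b in inventory.items() if is_affected(b))

def local_banner():
    """Banner of the local default JRE ("" if none is on the PATH)."""
    try:
        out = subprocess.run(["java", "-version"], capture_output=True, text=True)
    except FileNotFoundError:
        return ""
    return out.stderr or out.stdout  # `java -version` writes to stderr

if __name__ == "__main__":
    print("sample hosts to remediate:", affected_hosts(SAMPLE_INVENTORY))
    print("local JRE affected:", is_affected(local_banner()))
```

The check only sees the `java` binary on the PATH; a browser plug-in can belong to a different installed JRE, so each installation should be checked.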

Impact

By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system. Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability.

Solution

We are currently unaware of a practical solution to this problem. Please consider the following workarounds:
Disable Java in web browsers
to continue reading the alert, click here
Again, a much simpler solution is to simply uninstall Java from your computer until a fix or update is released.
We will also keep you updated as the situation progresses.
——————-
For assistance with this issue, please call us at 612-234-7237.
