The U.S. Department of Homeland Security has warned computer users to disable or uninstall Java software, amid fears and escalating warnings from security experts that millions of users are vulnerable to a serious flaw in the software.
Hackers discovered a weakness in Java version 7 that could allow the installation of malicious software on machines.
The CERT Program has released Vulnerability Note VU#625617 to address a vulnerability in Oracle Java Runtime Environment (JRE) 7 and earlier that is currently being exploited in the wild. This vulnerability may allow an attacker to execute arbitrary code on vulnerable systems.
US-CERT encourages users and administrators to review the Vulnerability Note VU#625617. This advisory includes possible workarounds that help mitigate the risk against known attack vectors by disabling Java in web browsers.
Java is used by hundreds of millions of Windows, Mac and Linux machines across the world. It’s common for the government to issue advisories about security threats, but it’s rare that an agency actively warns users to disable a piece of software.