Experts urge PC users to disable Java, cite security flaw
Security flaw ... experts are advising PC users to disable Oracle's Java software. Photo: Reuters
Computer users are being advised by security experts to disable Oracle's widely used Java software after a security flaw was discovered in the past day that they say hackers are exploiting to attack computers.
"Java is a mess. It's not secure," said Jaime Blasco, Labs Manager with AlienVault Labs. "You have to disable it."
Java, which is installed on hundreds of millions of PCs around the globe, is a computer language that enables programmers to write software using just one set of code that will run on virtually any type of computer.
It is used so that web developers can make sites accessible from browsers running on Microsoft Windows PCs or Apple Macs.
Computer users access those programs through modules, or plug-ins, that run Java software on top of browsers such as Internet Explorer and Firefox.
The US Department of Homeland Security also said people should stop using Java software.
"This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits," the department's Computer Emergency Readiness Team (CERT) said in a notice on its website. "We are currently unaware of a practical solution to this problem."
The recommended solution was to disable Java. Three computer security experts also said computer users should disable those Java modules to protect themselves from attack.
A spokeswoman for Oracle said she could not immediately comment on the matter.
"This is like open hunting season on consumers," said HD Moore, chief security officer with Rapid7, a company that helps businesses identify critical security vulnerabilities in their networks.
Moore said machines running on Mac OS X, Linux or Windows all appear to be vulnerable to attack.
Marc Maiffret, chief technology officer with BeyondTrust, said businesses may need to keep using Java to access some websites and internet-based programs that run on the technology.
"The challenge is mainly for businesses, however, which have to use it for some applications," he said. "Oracle simply needs to do a lot more to secure Java and get their act together."
Security experts said the risk of attack is currently high because developers of several popular tools known as exploit kits that criminals use to attack PCs have added software that allows hackers to exploit the newly discovered bug in Java to attack computers.