Latest Java software opens PCs to hackers - experts
The warnings, which began emerging over the weekend from Rapid7, AlienVault and other cyber security firms, are likely to unnerve a PC community scrambling to fend off growing security threats from hackers, viruses and malware.
Researchers have identified code that attacks machines by exploiting a newly discovered flaw in the latest version of Java. Once in, a second piece of software called "Poison Ivy" is released that lets hackers gain control of the infected computer, said Jaime Blasco, a research manager with AlienVault Labs.
Several security firms advised users to immediately disable Java software installed in some form on the vast majority of personal computers around the world in their Internet browsers. Oracle says that Java sits on 97 percent of enterprise desktops.
"If exploited, the attacker will be able to perform any action the victim can perform on the victim's machine," said Tod Beardsley, an engineering manager with Rapid7's Metasploit division.
Computers can get infected without their users' knowledge simply by a visit to any website that has been compromised by hackers, said Joshua Drake, a senior research scientist with the security firm Accuvant.
Java is a computer language that enables programmers to write one set of code to run on virtually any type of machine. It is widely used on the Internet so that Web developers can make their sites accessible from multiple browsers running on Microsoft Windows PCs or Macs from Apple Inc.
An Oracle spokeswoman said she could not immediately comment on the matter.
Security experts recommended that users not enable Java for universal use on their browsers. Instead, they said it was safest to allow use of Java browser plug-ins on a case-by-case basis when prompted for permission by trusted programs such as GoToMeeting, a Web-based collaboration tool from Citrix Systems Inc.
Rapid7 has set up a web page that tells users whether their browser has a Java plug-in installed that is vulnerable to attack: http://www.isjavaexploitable.com/
Copyright Thomson Reuters 2012
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.