UPDATED — U.S. agency warns of Java software problem (and fix reportedly coming ‘shortly’)

  • c.2013 New York Times News Service
  • Sunday, January 13, 2013 3:57pm
  • News

c.2013 New York Times News Service

(EDITOR’S NOTE — See also “Java security fix coming ‘shortly’; Up to 850 million machines at risk”: http://www.zdnet.com/java-security-fix-coming-shortly-up-to-850m-machines-at-risk-7000009723/ )

WASHINGTON — The Department of Homeland Security has warned users to disable Java software on their computers, citing a security hole that allows hackers to take control of their machines.

“Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system,” the agency said in an alert issued last week.

“This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered.”

A European security researcher who blogs under the name Kafeine first discovered the vulnerability and posted it to his blog Thursday.

The homeland security agency said that it had confirmed that Microsoft Windows, Apple’s Mac OS X and Linux platforms were all affected and that it was “unaware of a practical solution to this problem.”

It recommended that users disable Java in their Web browsers.

Apple stopped shipping its computers with Java enabled last year, but said it was remotely disabling the Java 7 plug-in on Macs where it had already been installed. Windows and Linux users can disable Java by following this guide on Oracle’s Web site: http://www.java.com/en/download/help/disable_browser.xml

Oracle did not return a request for comment on Sunday. (Oracle told ZDNet that a fix will be made available “shortly”; see link, above.)

Java, a widely used programming language that runs on more than 850 million personal computers, has been the source of security problems before.

Last April, hackers exploited a Java vulnerability to infect more than half a million Apple computers with a vicious form of malware in what was the largest-scale attack on the OS X operating system to date.

A month later, the Shadowserver Foundation, a nonprofit group that tracks cyber threats, discovered that hackers had used a Java security hole to infect visitors to several foreign policy Web sites, including the Web sites of the International Institute for Counter-Terrorism, Amnesty International Hong Kong and the Cambodian Ministry of Foreign Affairs.

The exploit was particularly disconcerting because it let attackers download a malicious program onto its victims’ machines without prompting. Users did not even have to click on a malicious link for their computers to be infected.

The program simply downloaded itself.

Previous
Read about it and weep (more) — Falcons 30, Seahawks 28
Next
PDN speakers available to address clubs, organizations and other gatherings

More in News

Two dead after tree falls in Olympic National Forest

Two women died after a tree fell in Olympic National… Continue reading

Sue Long, left, Vicki Bennett and Frank Handler, all from Port Townsend, volunteer at the Martin Luther King Day of Service beach restoration on Monday at Fort Worden State Park. The activity took place on Knapp Circle near the Point Wilson Lighthouse. Sixty-four volunteers participated in the removal of non-native beach grasses. (Steve Mullensky/for Peninsula Daily News)
Work party

Sue Long, left, Vicki Bennett and Frank Handler, all from Port Townsend,… Continue reading

Portion of bridge to be replaced

Tribe: Wooden truss at railroad park deteriorating

Kingsya Omega, left, and Ben Wilson settle into a hand-holding exercise. (Aliko Weste)
Process undermines ‘Black brute’ narrative

Port Townsend company’s second film shot in Hawaii

Jefferson PUD to replace water main in Coyle

Jefferson PUD commissioners awarded a $1.3 million construction contract… Continue reading

Jen Kingfisher has been hired as the deputy director of the Port Townsend Marine Science Center. (Starre Smith)
Kingfisher hired as Port Townsend Marine Science Center’s deputy director

The Port Townsend Marine Science Center has hired Jen… Continue reading

Scott Mauk.
Chimacum superintendent receives national award

Chimacum School District Superintendent Scott Mauk has received the National… Continue reading

Hood Canal Coordinating Council meeting canceled

The annual meeting of the Hood Canal Coordinating Council, scheduled… Continue reading

Bruce Murray, left, and Ralph Parsons hang a cloth exhibition in the rotunda of the old Clallam County Courthouse on Friday in Port Angeles. The North Olympic History Center exhibit tells the story of the post office past and present across Clallam County. The display will be open until early February, when it will be relocated to the Sequim City Hall followed by stops on the West End. The project was made possible due to a grant from the Clallam County Heritage Advisory Board. (Dave Logan/for Peninsula Daily News)
Post office past and present

Bruce Murray, left, and Ralph Parsons hang a cloth exhibition in the… Continue reading

This agave grew from the size of a baseball in the 1990s to the height of Isobel Johnston’s roof in 2020. She saw it bloom in 2023. Following her death last year, Clallam County Fire District 3 commissioners, who purchased the property on Fifth Avenue in 2015, agreed to sell it to support the building of a new Carlsborg fire station. (Matthew Nash/Olympic Peninsula News Group file)
Fire district to sell property known for its Sequim agave plant

Sale proceeds may support new Carlsborg station project

As part of Olympic Theatre Arts’ energy renovation upgrade project, new lighting has been installed, including on the Elaine and Robert Caldwell Main Stage that allows for new and improved effects. (Olympic Theatre Arts)
Olympic Theatre Arts remodels its building

New roof, LED lights, HVAC throughout

Weekly flight operations scheduled

Field carrier landing practice operations will be conducted for aircraft… Continue reading