UPDATED — U.S. agency warns of Java software problem (and fix reportedly coming ‘shortly’)

  • c.2013 New York Times News Service
  • Sunday, January 13, 2013 3:57pm
  • News

c.2013 New York Times News Service

(EDITOR’S NOTE — See also “Java security fix coming ‘shortly’; Up to 850 million machines at risk”: http://www.zdnet.com/java-security-fix-coming-shortly-up-to-850m-machines-at-risk-7000009723/ )

WASHINGTON — The Department of Homeland Security has warned users to disable Java software on their computers, citing a security hole that allows hackers to take control of their machines.

“Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system,” the agency said in an alert issued last week.

“This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered.”

A European security researcher who blogs under the name Kafeine first discovered the vulnerability and posted it to his blog Thursday.

The homeland security agency said that it had confirmed that Microsoft Windows, Apple’s Mac OS X and Linux platforms were all affected and that it was “unaware of a practical solution to this problem.”

It recommended that users disable Java in their Web browsers.

Apple stopped shipping its computers with Java enabled last year, but said it was remotely disabling the Java 7 plug-in on Macs where it had already been installed. Windows and Linux users can disable Java by following this guide on Oracle’s Web site: http://www.java.com/en/download/help/disable_browser.xml

Oracle did not return a request for comment on Sunday. (Oracle told ZDNet that a fix will be made available “shortly”; see link, above.)

Java, a widely used programming language that runs on more than 850 million personal computers, has been the source of security problems before.

Last April, hackers exploited a Java vulnerability to infect more than half a million Apple computers with a vicious form of malware in what was the largest-scale attack on the OS X operating system to date.

A month later, the Shadowserver Foundation, a nonprofit group that tracks cyber threats, discovered that hackers had used a Java security hole to infect visitors to several foreign policy Web sites, including the Web sites of the International Institute for Counter-Terrorism, Amnesty International Hong Kong and the Cambodian Ministry of Foreign Affairs.

The exploit was particularly disconcerting because it let attackers download a malicious program onto its victims’ machines without prompting. Users did not even have to click on a malicious link for their computers to be infected.

The program simply downloaded itself.

Previous
Read about it and weep (more) — Falcons 30, Seahawks 28
Next
PDN speakers available to address clubs, organizations and other gatherings

More in News

Port Townsend Main Street Program volunteers, from left, Amy Jordan, Gillian Amas and Sue Authur, and Main Street employees, Sasha Landes, on the ladder, and marketing director Eryn Smith, spend a rainy morning decorating the community Christmas tree at the Haller Fountain on Wednesday. The tree will be lit at 4 p.m. Saturday following Santa’s arrival by the Kiwanis choo choo train. (Steve Mullensky/for Peninsula Daily News)
Decoration preparation

Port Townsend Main Street Program volunteers, from left, Amy Jordan, Gillian Amas… Continue reading

Port Angeles approves balanced $200M budget

City investing in savings for capital projects

Olympic Medical Center Board President Ann Henninger, left, recognizes commissioner Jean Hordyk on Wednesday as she steps down after 30 years on the board. Hordyk, who was first elected in 1995, was honored during the meeting. (Paula Hunt/Peninsula Daily News)
OMC Commissioners to start recording meetings

Video, audio to be available online

Jefferson PUD plans to keep Sims Way project overhead

Cost significantly reduced in joint effort with port, city

Committee members sought for ‘For’ and ‘Against’ statements

The Clallam County commissioners are seeking county residents to… Continue reading

Christopher Thomsen, portraying Santa Claus, holds a corgi mix named Lizzie on Saturday at the Airport Garden Center in Port Angeles. All proceeds from the event were donated to the Peninsula Friends of Animals. (Dave Logan/for Peninsula Daily News)
Santa Paws

Christopher Thomsen, portraying Santa Claus, holds a corgi mix named Lizzie on… Continue reading

Peninsula lawmakers await budget

Gov. Ferguson to release supplemental plan this month

Clallam County looks to pass deficit budget

Agency sees about 7 percent rise over 2025 in expenditures

Officer testifies bullet lodged in car’s pillar

Witness says she heard gunfire at Port Angeles park

A copper rockfish caught as part of a state Department of Fish and Wildlife study in 2017. The distended eyes resulted from a pressure change as the fish was pulled up from a depth of 250 feet. (David B. Williams)
Author to highlight history of Puget Sound

Talk at PT Library to cover naming, battles, tribes

Vern Frykholm, who has made more than 500 appearances as George Washington since 2012, visits with Dave Spencer. Frykholm and 10 members of the New Dungeness Chapter, NSDAR, visited with about 30 veterans on Nov. 8, just ahead of Veterans Day. (New Dungeness Chapter DAR)
New Dungeness DAR visits veterans at senior facilities

Members of the New Dungeness Chapter, National Society Daughters of… Continue reading

Festival of Trees contest.
Contest: Vote for your favorite tree online

Olympic Medical Center Foundation’s Festival of Trees event goes through Dec. 25