Java security vulnerability discovered: either disable or downgrade the Java version

A new Java 7 (also known as Java 1.7) exploit has been discovered that allows hackers to install malware on Windows, Mac OS X, and Linux machines. In-the-wild attacks using this exploit are currently targeting only Windows, but the exploit can be easily reworked for Mac OS X and Linux machines that have the latest version of Java installed. The exploit allows hackers to gain access to infected computers and execute malicious code outside of Java. In the attacks discovered so far, the attack vector has been infected websites, and the attacks have installed the Poison Ivy Remote Access Trojan on infected machines.

What is remarkable about this exploit is that it circumvents Java’s security sandbox, a feature of Java that is supposed to confine malicious Java code to Java itself and deny it access to other parts of your system.

The next scheduled Java patch is due in mid-October, so unless Oracle issues an emergency update, October is the earliest this will be fixed. Until then, security experts suggest that users who don’t need Java for any programs (such as OpenOffice) uninstall it. If you do use Java, then at least disable Java in your browser to protect yourself from drive-by attacks. If you don’t want to disable Java at all, you can downgrade to an earlier version of Java to protect yourself from this particular exploit, but downgrading is not recommended because earlier versions of Java have their own problems.

A security firm is claiming that it informed Oracle about this four months ago. If that is true, Oracle must have taken it seriously. It is a big threat because it gives hackers access to a lot of sensitive information. I suggest you either disable the plugin in your browser or downgrade to an earlier version.