Another Trojan horse has been identified that exploits a defect considered in Java, leaving PCs running Windows, Mac OS, and Linux helpless to attack. Mal/JavaJar-B permits attackers to remotely trigger code once it infects the system, potentially leading to the installation of malware, or even ransomware. Oracle hasn’t yet fixed the vulnerability, which targets even the most recent version of Java.
US-CERT RECOMMENDS THAT USERS DISABLE JAVA IN WEB BROWSERS
The issue is so extensive that the Computer Emergency Readiness Team at the Department of Homeland Security has urged users to disable Java. The governmental organization says in a release that the vulnerability “is being actively exploited” and that “exploit code is publicly available.” US-CERT suggests that Java be debilitated in the browser until an update is pushed out by Oracle.
Actually, Apple has already taken those very steps for Mac OS X clients. The company has pushed a modification to its Xprotect. plist blacklist that updates the minimum required version of Java to a future version that hasn’t yet been released. The vulnerability works across all Java plug-in version up to 1.7.0_10-b18, with Apple redesigning its blacklist to need b19. Subsequently, the anti-malware service is introduced on Mac OS X prevents the Java browser plug-in from running at all.
