Java 7 Bypass Vulnerability Alert
An article (link) released January 10, 2013 by the United States Computer Emergency Readiness Team (US-CERT.gov) states a known vulnerability in Java version 7. The overview from the mentioned article is as follows:
“A vulnerability in the way Java 7 restricts the permissions of Java applets could allow an attacker to execute arbitrary commands on a vulnerable system.”
What this means is that [essentially] all versions of Java prior to Java 7.11 (build 1.7.0_11-b21) are vulnerable to attackers ignoring security restrictions and executing potentially malicious code on your computer. These attacks on you and your computer could be “crimes from identity theft to making an infected computer part of an ad-hoc computer network that can be used to attack websites” reports Reuters.com. US-CERT also describes the most likely effected users for the vulnerability:
“Any web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors.”
How do I fix this and/or update my computer’s Java version?
The previously mentioned article from US-CERT includes a section on a Solution which initially directs users to download the weekend’s fix/update from Oracle which release notes can be found here and the actual download link can be found on this page. The US-CERT article also provides brief instructions on disabling Java in your browser for those who don’t use Java and won’t notice it being disabled.