Security vulnerabilities in Java are nothing new. Attackers have used and abused several Java vulnerabilities over the years. Oracle does update its software to fix the issues, but bugs and loopholes remain. Recently the U.S. Department of Homeland Security released a security advisory regarding a serious vulnerability (CVE-2013-0422) in Java. The Java 7 Security Manager Bypass vulnerability could be used by attackers to remotely execute malicious software on user computers. The exploit works when a user opens a malicious web page on a vulnerable system (a web browser running the Java plugin). So, it is recommended that you disable Java in all web browsers present on your computer.
Security Manager Bypass
The vulnerability is present in the Java Management Extensions (JMX) MBean components. By combining that vulnerability with another one related to the Reflection API, a malicious Java applet can easily obtain full privileges. In other words, a system can be exploited remotely. This vulnerability was found in Java Runtime Environment (JRE) 7 Update 10 and earlier versions. It was confirmed that Java 7 installed on Windows, Linux and Mac OS X operating systems is affected. Java 6 is not affected by these vulnerabilities.
Solution: Disable Java
The bad news is that exploit code for the vulnerabilities is publicly available online. Oracle did update its application to Java 7 Update 11, but several reports have confirmed that the vulnerability still exists. So the best advice in the current situation is this: update to Java 7 Update 11 and keep Java disabled in your browsers.
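A quick way to find out whether a machine falls inside the affected range named above (JRE 7 Update 10 and earlier) is to parse the version string that `java -version` prints. The following is an added example written for this page, not code from the advisory or from Oracle; it parses the standard `java version "1.7.0_10"` line format, and the sample strings it checks are constructed. Because this post notes that Update 11 was still reported vulnerable, a version check only tells you whether you are in the range the advisory covers; the recommendation to keep the browser plugin disabled stands regardless of the result.

```python
import re
import subprocess

# Matches the first line of `java -version` output, e.g. java version "1.7.0_10"
# Groups: major, minor, patch, update number.
_VERSION_RE = re.compile(r'java version "(\d+)\.(\d+)\.(\d+)_(\d+)"')

# Last Java 7 update listed as affected by the advisory discussed in this post.
LAST_AFFECTED_UPDATE = 10


def parse_java_version(version_output):
    """Return (major, minor, patch, update) from `java -version` text, or None.

    Java 7 reports itself as 1.7.0_NN, so minor == 7 means Java 7.
    """
    match = _VERSION_RE.search(version_output)
    if not match:
        return None
    return tuple(int(part) for part in match.groups())


def is_in_affected_range(version_output):
    """True if the output describes JRE 7 Update 10 or earlier.

    Java 6 (1.6.x) is reported as not affected, so it returns False.
    Unparseable output returns None so the caller can treat it as unknown.
    """
    parsed = parse_java_version(version_output)
    if parsed is None:
        return None
    major, minor, _patch, update = parsed
    return major == 1 and minor == 7 and update <= LAST_AFFECTED_UPDATE


def check_local_java():
    """Run `java -version` on this machine and classify the result.

    `java -version` writes to stderr, so both streams are captured.
    Returns None when no java binary is on the PATH.
    """
    try:
        proc = subprocess.run(
            ["java", "-version"], capture_output=True, text=True, timeout=10
        )
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return is_in_affected_range(proc.stderr + proc.stdout)


if __name__ == "__main__":
    # Constructed sample outputs, one per case the advisory distinguishes.
    samples = {
        "Java 7u10 (affected)": 'java version "1.7.0_10"\nJava(TM) SE Runtime Environment',
        "Java 7u11 (outside advisory range)": 'java version "1.7.0_11"',
        "Java 6u38 (not affected)": 'java version "1.6.0_38"',
        "garbage": "command not found",
    }
    for label, output in samples.items():
        print(f"{label}: {is_in_affected_range(output)}")
    print(f"local java in affected range: {check_local_java()}")
```

The script only inspects the JRE on the PATH; a browser may load a different plugin binary, so pair this with the browser-side disablement the post recommends rather than relying on it alone.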
Useful Links: