Latest Java software opens PCs to hackers

JIM FINKLE
Last updated 14:56 28/08/2012

Relevant offers

Digital Living

Google wants to know when users, tempted by an online advert, go to the shops Leaked: hundreds of internal Facebook documents on sex, violence, and terrorism Businessman's ransom nightmare at the hands of cyber hackers Instagram is the worst social network for young people's mental health Google's focus on AI means it will get even deeper into our lives Computer course helping 'digitally disadvantaged' saves ailing mother's family Online retail giants force NZ businesses to implement digital strategies Cyberattack hits at least 200,000 victims in 150 countries British researcher Marcus Hutchins finds kill switch, 'accidentally' stops malware crippling computers worldwide New Zealand upping digital security after 'massive' worldwide cyberattack

Computer security firms are urging PC users to disable Java software in their browsers, saying the widely installed, free software from Oracle opens machines to hacker attacks and there is no way to defend against them.

The warnings, which began emerging over the weekend from Rapid7, AlienVault and other cyber security firms, are likely to unnerve a PC community scrambling to fend off growing security threats from hackers, viruses and malware.

Researchers have identified code that attacks machines by exploiting a newly discovered flaw in the latest version of Java. Once in, a second piece of software called "Poison Ivy" is released that lets hackers gain control of the infected computer, said Jaime Blasco, a research manager with AlienVault Labs.

Several security firms advised users to immediately disable Java software - installed in some form on the vast majority of personal computers around the world - in their Internet browsers. Oracle says that Java sits on 97 per cent of enterprise desktops.

"If exploited, the attacker will be able to perform any action the victim can perform on the victim's machine," said Tod Beardsley, an engineering manager with Rapid7's Metasploit division.

Computers can get infected without their users' knowledge simply by a visit to any website that has been compromised by hackers, said Joshua Drake, a senior research scientist with the security firm Accuvant.

Java is a computer language that enables programmers to write one set of code to run on virtually any type of machine. It is widely used on the Internet so that Web developers can make their sites accessible from multiple browsers running on Microsoft Windows PCs or Macs from Apple.

An Oracle spokeswoman said she could not immediately comment on the matter.

Security experts recommended that users not enable Java for universal use on their browsers. Instead, they said it was safest to allow use of Java browser plug-ins on a case-by-case basis when prompted for permission by trusted programs such as GoToMeeting, a Web-based collaboration tool from Citrix Systems Inc

Rapid7 has set up a web page that tells users whether their browser has a Java plug-in installed that is vulnerable to attack.

Ad Feedback

- Reuters

Comments

Special offers

Featured Promotions

Sponsored Content