New Java flaw identified; Old one exploited

Yep, it's a new week and Java's already off to a bad start according to the latest report from ARS Technica. The report says that this new flaw in the latest version of Java allows a hacker to completely sidestep Java's security sandbox. At the same time, one of the vulnerabilities recently patched by Oracle is now being exploited by attackers:

"The hole allows bypass of the security sandbox and was fixed by Oracle in Update 13 on Feb 1. However, exploit kits used by the attackers now reportedly target this flaw. The good news is that user interaction is required to run the exploit-no infections will occur unless the user clicks "Run" when asked "Do you want to run the application?"


So what should you do as a user? Well, aside from protecting your computers with great internet security, I can't echo enough times that Java just isn't safe. It should be uninstalled or the plug-ins disabled unless you absolutely need it.

 

(Source: SecurityWeek)