US-CERT warned users on 10 Jan 2013 to disable Java in web browsers. The main reason is that Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Apple and Mozilla have chosen to disable Java by default in the latest update. To manually disable Java (I think mainly the Java Applet, where the programs run in a web browser), you will need to go into each individual browser to disable it.
I think this will mainly affect Internet users, where the vulnerability can easily happen from anonymous websites, whereas Java Applets developed by corporates and run on an intranet should be safe (unless they are exposed to the Internet as well).
There is actually a solution for this. You can upgrade your Java Runtime to version 7u11, which fixes this issue and several other security-related issues. However, US-CERT recommends that users disable Java in web browsers, even after updating the Java Runtime to the latest version, unless it is absolutely necessary.
*If you are not sure what to do, simply disable it 🙂
Source:
http://www.kb.cert.org/vuls/id/625617
http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html