Late last year Java was hit with multiple vulnerabilities, one after another. Earlier this week another Java exploit was discovered, one that is being actively exploited on the internet by criminals. Due to Java’s seemingly endless security issues, and the fact that the latest exploit is being “massively exploited in the wild”, many (including dotTech) have suggested that everyone uninstall Java or at least disable it in the browser. Now three large groups are adding weight behind the anti-Java call: Mozilla, Apple, and the United States Department of Homeland Security.
Mozilla recently introduced a click-to-play feature in Firefox 17 that disables outdated or vulnerable plugins. The latest versions of Java (Java 7u10, Java 7u9, Java 6u37, and Java 6u38) are now considered by Mozilla to be vulnerable and have thus been added to the plugin blacklist. Anyone who has Java installed and runs Firefox 17 or higher will be hit with a “this plugin is vulnerable and should be updated” message. This means that until Java 7u11 and Java 6u39 are released and the latest vulnerability has been patched, Java is disabled by default in Firefox; you have to manually enable it if you want to use it.
Similar to Mozilla, Apple has issued an update to Mac OS X’s built-in anti-malware system to block Java 7 from running on Macs. Java 7 will not be allowed to run on Macs until it is updated to a patched version by Oracle.
Lastly, the United States Department of Homeland Security has issued a public statement encouraging everyone to disable Java until Oracle issues a fix. In Vulnerability Note VU#625617, the United States Computer Emergency Readiness Team mentions “this vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits”. They go on to say “we are currently unaware of a practical solution to this problem” and recommend that everyone “disable Java in web browsers”.
Ouch? Ouch.
If you are not sure how to uninstall or disable Java, read the following guides by dotTech:
- How to disable Java for Firefox, Chrome, Internet Explorer, or Opera
- How to uninstall Java on Windows (XP, Vista, Windows 7, and Windows 8)