Oracle releases security update to address Java vulnerability in DHS alert

The department’s Computer Emergency Readiness Team issued an alert last
Thursday warning that hackers could take advantage of a security
vulnerability found in Oracle’s Java 7 software versions to attack
people’s computer systems. The department said a hacker could lure
people to visit a malicious website or a poisoned link that had the
manipulated Java software loaded on it.

“Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system,” the department said.

{mosads}Any Web browser using the Java 7 plug-in is affected, according to the DHS alert, and it’s recommended that users “consider disabling Java in web browsers until adequate updates are available” in order protect their computer systems against this particular security vulnerability and future ones.

Java is a type of programming language that can be used to build Web applications and run across various platforms. Maurice said Oracle is setting the security level for Java to “High,” so users will “expressly authorize the execution of [Java] applets which are either unsigned or are self-signed,” meaning they likely stem from hackers.

— This post was updated at 6:48 p.m.