Last week Oracle released its latest update for Java, but another security hole has just been found that could allow a complete bypass of the security sandbox feature. Details of the latest exploit have been sent to Oracle and the waiting game for a new update starts all over again.
The latest exploit affects the ‘Java 7’ releases (older and current) and works by abusing the Java Reflection API. While the details of the newest exploit are being kept under wraps at the moment, you can rest assured that malware authors are going to do their best to learn the details and make use of the new exploit as soon as possible. Unless you absolutely need it, you should disable or uninstall Java from your systems using our guide:
Something else to keep in mind is that malware authors are actively exploiting a security hole in the older ‘Java 7 Update 11’ release. If you know of someone using this version, then make sure they are aware of the risk and suggest that they disable Java on their systems at a minimum.
You can also read more about how a Java exploit was used to infect computers belonging to Microsoft and Apple in the Security News section of our latest Week in Geek post.