A previously unknown vulnerability has been detected that allows an attacker to “silently” install malicious programs that infect computers running the Java plugin with malware. From all indications, the vulnerability is specific to Java 7 and is reported to work against a fully patched installation of Java 7. It takes advantage of the insecure implementation of the Java Reflection API to bypass Java security restrictions. If you have Java 7 installed in your web browser(s), you risk having malware installed on your computer if you visit any compromised websites.

The “zero-day” vulnerability is only 1 day old as of this post, and there does not appear to be a security patch for it yet, so I’ll join the bandwagon here and say that if you currently have the Java 7 Plugin installed in your browser, DISABLE IT!

Update: Monday, January 14, 2013

Oracle released an update yesterday; however, security experts warn that bugs still exist in the Java software that could allow hackers to exploit vulnerabilities in the browser plugin. Despite the update, there are still a number of security flaws in Java. HD Moore, chief security officer with Rapid7, is "advising businesses to remove Java from the browsers of all employees except for those who absolutely need to use the technology for critical business purposes."