Computer users are being advised by security experts to disable Oracle
Corp's widely used Java software after a security flaw was discovered in
the past day that they say hackers are exploiting to attack computers.
"Java is a mess. It's not secure," said Jaime Blasco, Labs Manager with AlienVault Labs. "You have to disable it."
Java,
which is installed on hundreds of millions of PCs around the globe, is a
computer language that enables programmers to write software using just
one set of code that will run on virtually any type of computer.
It
is used so that Web developers can make sites accessible from browsers
running on Microsoft Corp Windows PCs or Macs from Apple Inc.
Computer
users access those programs through modules, or plug-ins, that run Java
software on top of browsers such as Internet Explorer and Firefox.
Three
computer security experts told Reuters on Thursday that computer users
should disable those Java modules to protect themselves from attack.
A spokeswoman for Oracle said she could not immediately comment on the matter.
"This
is like open hunting season on consumers," said HD Moore, chief
security officer with Rapid7, a company that helps businesses identify
critical security vulnerabilities in their networks.
Moore said machines running on Mac OS X, Linux or Windows all appear to be vulnerable to attack.
Marc
Maiffret, chief technology officer with BeyondTrust, said that
businesses may need to keep using Java to access some websites and
Internet-based programs that run on the technology.
"The challenge
is mainly for businesses , however, which have to use it for some
applications," he said. "Oracle simply needs to do a lot more to secure
Java and get their act together."
Security experts said the risk
of attack is currently high because developers of several popular tools
known as exploit kits that criminals use to attack PCs have added
software that allows hackers to exploit the newly discovered bug in Java
to attack computers.
© Thomson Reuters 2012