The warning came like a shot out of nowhere: Disable Java! Quickly! Definitely if you're running Java 7, and possibly if you're running older versions of Oracle's cross-platform web software, say researchers at CERT – the United States' Computer Emergency Readiness Team.
According to a new report from Reuters, Oracle knows about the vulnerability and is working on a fix. While there's no clear timeline as to when that patch will be ready for the more than 850 million PCs that are thought to be affected by the Java issue, it's expected that Oracle will release its update soon.
"Oracle is aware of a flaw in Java software integrated with web browsers. The flaw is limited to JDK7. It does not exist in other releases of Java, and does not affect Java applications directly installed and running on servers, desktops, laptops, and other devices. A fix will be available shortly," reads a statement by Oracle provided to CNET.
According to CERT, the vulnerability could allow an attacker to carry out a "drive-by download" attack by getting a user to visit a website hosting a malicious Java applet. Should the user's browser run that applet, it could open up his or her system for an attacker to install other problematic apps without needing the user's permission to do so.
It's been suggested that the vulnerability could put users at risk for potential identity theft, depending on the malicious apps installed as part of the Java exploit. Or, arguably worse, one's system could become conscripted into a botnet and be used as part of a larger attack on other entities.
Until Oracle deploys its fix, CERT recommends that users disable Java in their Internet browsers. If you're running the latest version of Java, you need merely to pull up the Java Control Panel, navigate over to the Security tab, and uncheck the box that says, "Enable Java content in the browser."