Hackers find security Krakatoa in Java

Hackers are rushing to exploit a huge hole in Oracle’s Java software.

Over the long weekend security outfits including Rapid7, AlienVault and other cyber security firms said that the flaw is so bad that experts are urging the great unwashed to disable Java on their PCs until it is fixed.

Jaime Blasco, a research manager with AlienVault Labs said that his team identified code that attacks machines by exploiting a newly discovered flaw in the latest version of Java.

They can then use a tool called “Poison Ivy” that lets hackers gain control of the infected computer.

At the moment they say the only cure for the problem is to immediately disable Java software. This is no mean feat, the software is running on 97 percent of enterprise desktops.

The best attack vector is to lure a user to a website that has been compromised by hackers. It is safer to allow use of Java browser plug-ins on a case-by-case basis when prompted for permission by trusted programs.

Rapid7 has set up a web page that warns users whether their browser has a Java plug-in installed that is vulnerable to attack:

Oracle is not saying anything at the moment.